diff --git a/.vscode/CustomRules/UseCorrectMethodCasing.psm1 b/.vscode/CustomRules/UseCorrectMethodCasing.psm1 new file mode 100644 index 0000000000..0852c9c577 --- /dev/null +++ b/.vscode/CustomRules/UseCorrectMethodCasing.psm1 @@ -0,0 +1,67 @@ +<# +.SYNOPSIS + Use correct method casing in the method name. +.DESCRIPTION + Methods called on an object should use the correct casing (PascalCase) for the method name. +.EXAMPLE + $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $MyInvocation.MyCommand.ModuleName.replace('MSFT_', '') + The first example is correct, the second example is incorrect. +#> + +function Use-CorrectMethodCasing { + [CmdletBinding()] + [OutputType([Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic.DiagnosticRecord[]])] + param ( + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [System.Management.Automation.Language.ScriptBlockAst] + $ScriptBlockAst + ) + + Process + { + $results = @() + try + { + [System.Management.Automation.Language.InvokeMemberExpressionAst[]]$memberAst = $ScriptBlockAst.FindAll({$Args[0].GetType().Name -eq 'InvokeMemberExpressionAst'}, $true) + + foreach ($member in $memberAst) + { + if ($member.Member.Value -cmatch '^[a-z]') { + [int]$startLineNumber = $member.Extent.StartLineNumber + [int]$endLineNumber = $member.Extent.EndLineNumber + [int]$startColumnNumber = $member.Extent.StartColumnNumber + [int]$endColumnNumber = $member.Extent.EndColumnNumber + [string]$file = $MyInvocation.MyCommand.Definition + + $correctedString = $member.Member.Value.Substring(0, 1).ToUpper() + $member.Member.Value.Substring(1) + [string]$correction = $member.Extent.Text.Replace($member.Member.Value, $correctedString) + [string]$optionalDescription = "Replace '$($member.Member.Value)' with '$($member.Member.Value.Substring(0, 1).ToUpper() + $member.Member.Value.Substring(1))'." + $objParams = @{ + TypeName = 'Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic.CorrectionExtent' + ArgumentList = $startLineNumber, $endLineNumber, $startColumnNumber, + $endColumnNumber, $correction, $file, $optionalDescription + } + $correctionExtent = New-Object @objParams + $suggestedCorrections = New-Object System.Collections.ObjectModel.Collection[$($objParams.TypeName)] + $suggestedCorrections.Add($correctionExtent) | Out-Null + + $results += [Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic.DiagnosticRecord]@{ + Message = 'Use correct method casing in the method name.' + Extent = $member.Extent + RuleName = $PSCmdlet.MyInvocation.InvocationName + Severity = 'Warning' + SuggestedCorrections = $suggestedCorrections + } + } + } + } + catch + { + $PSCmdlet.ThrowTerminatingError( $_ ) + } + + return $results + } +} \ No newline at end of file diff --git a/.vscode/ScriptAnalyzerSettings.psd1 b/.vscode/ScriptAnalyzerSettings.psd1 index dfe7f066bb..be59787f6d 100644 --- a/.vscode/ScriptAnalyzerSettings.psd1 +++ b/.vscode/ScriptAnalyzerSettings.psd1 @@ -1,8 +1,16 @@ @{ - Severity = @('Error', - 'Warning') - ExcludeRules = @('PSMissingModuleManifestField', + Severity = @( + 'Error', + 'Warning' + ) + ExcludeRules = @( + 'PSMissingModuleManifestField', 'PSUseShouldProcessForStateChangingFunctions', 'PSAvoidGlobalVars', - 'PSAvoidUsingWriteHost') + 'PSAvoidUsingWriteHost' + ) + CustomRulePath = @( + '.vscode\CustomRules\UseCorrectMethodCasing.psm1' + ) + IncludeDefaultRules = $true } diff --git a/CHANGELOG.md b/CHANGELOG.md index b4e9918ea3..d8c8952a7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,47 @@ # Change log for Microsoft365DSC +# 1.24.1204.1 + +* All resources + * Applying project default formatting on all files, to improve + reading and troubleshooting. +* AADAccessReviewDefinition + * Added support for #microsoft.graph.accessReviewInactiveUsersQueryScope in odatatype. +* AADActivityBasedTimeoutPolicy + * Added support for AccessTokens. +* AADClaimsMappingPolicy + * Fixed policy retrieval + FIXES [#5505](https://github.com/microsoft/Microsoft365DSC/issues/5505) +* AADIdentityAPIConnector + * Changed the export logic to export passwords as credential objects instead of string. +* AADRoleManagementPolicyRule + * Added the logic to handle filters in the Export logic flow. +* EXOAuthenticationPolicyAssignment + * Added $confirm flag to the Set-TargetResource function for PowerShell 7 compatibility. +* EXOClientAccessRule + * Added $confirm flag to the Set-TargetResource function for PowerShell 7 compatibility. +* EXOManagementRoleAssignment + * Changed logic to detect drift. +* EXOServicePrincipal + * Removed ObjectID from the return of the Get-TargetResource method. +* EXOTeamsProtectionPolicy + * Initial release + FIXES [#5296](https://github.com/microsoft/Microsoft365DSC/issues/5296) +* EXOTransportRule + * Fixed conditional logic for creation and update. +* IntuneTrustedRootCertificateIOS + * Initial release +* IntuneVPNConfigurationPolicyIOS + * Initial release. +* M365DSCRuleEvaluation + * Only attempt to pass AccessTokens if specified. +* SPORetentionLabelsSettings + * Initial release. +* MISC + * M365DSCDRGUtil + * Add separate check for strings with ordinal comparison and standardized line breaks. + + # 1.24.1127.1 * AAD @@ -36,6 +78,10 @@ * Improve verbose output and fix copy-pasted variables. * IntuneRoleScopeTag * Initial release. +* IntuneTrustedRootCertificateAndroidDeviceOwner + * Initial release. +* IntuneTrustedRootCertificateAndroidEnterprise + * Initial release. * TeamsUserPolicyAssignment * Added support for the Global policies. * TeamsUpgradePolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.psm1 index 2810be790b..ecc41b20ff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.psm1 @@ -88,7 +88,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaIdentityGovernanceAccessReviewDefinition -AccessReviewScheduleDefinitionId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaIdentityGovernanceAccessReviewDefinition -AccessReviewScheduleDefinitionId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -100,8 +100,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.AccessReviewScheduleDefinition" - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.AccessReviewScheduleDefinition' + } } } #endregion @@ -130,12 +130,12 @@ function Get-TargetResource { $myPrincipalScopes.Add('odataType', $currentPrincipalScopes.'@odata.type'.ToString()) } - if ($myPrincipalScopes.values.Where({$null -ne $_}).Count -gt 0) + if ($myPrincipalScopes.values.Where({ $null -ne $_ }).Count -gt 0) { $complexPrincipalScopes += $myPrincipalScopes } } - $complexScope.Add('PrincipalScopes',$complexPrincipalScopes) + $complexScope.Add('PrincipalScopes', $complexPrincipalScopes) $complexResourceScopes = @() foreach ($currentResourceScopes in $getValue.Scope.AdditionalProperties.resourceScopes) { @@ -147,19 +147,19 @@ function Get-TargetResource { $myResourceScopes.Add('odataType', $currentResourceScopes.'@odata.type'.ToString()) } - if ($myResourceScopes.values.Where({$null -ne $_}).Count -gt 0) + if ($myResourceScopes.values.Where({ $null -ne $_ }).Count -gt 0) { $complexResourceScopes += $myResourceScopes } } - $complexScope.Add('ResourceScopes',$complexResourceScopes) + $complexScope.Add('ResourceScopes', $complexResourceScopes) if ($null -ne $getValue.Scope.AdditionalProperties.'@odata.type') { $complexScope.Add('odataType', $getValue.Scope.AdditionalProperties.'@odata.type'.ToString()) } - if ($complexScope.values.Where({$null -ne $_}).Count -eq 0) + if ($complexScope.values.Where({ $null -ne $_ }).Count -eq 0) { $complexScope = $null } @@ -173,12 +173,12 @@ function Get-TargetResource { $myApplyActions.Add('odataType', $currentApplyActions.AdditionalProperties.'@odata.type'.ToString()) } - if ($myApplyActions.values.Where({$null -ne $_}).Count -gt 0) + if ($myApplyActions.values.Where({ $null -ne $_ }).Count -gt 0) { $complexApplyActions += $myApplyActions } } - $complexSettings.Add('ApplyActions',$complexApplyActions) + $complexSettings.Add('ApplyActions', $complexApplyActions) $complexSettings.Add('AutoApplyDecisionsEnabled', $getValue.Settings.autoApplyDecisionsEnabled) $complexSettings.Add('DecisionHistoriesForReviewersEnabled', $getValue.Settings.decisionHistoriesForReviewersEnabled) $complexSettings.Add('DefaultDecision', $getValue.Settings.defaultDecision) @@ -199,12 +199,12 @@ function Get-TargetResource { $myRecommendationInsightSettings.Add('odataType', $currentRecommendationInsightSettings.AdditionalProperties.'@odata.type'.ToString()) } - if ($myRecommendationInsightSettings.values.Where({$null -ne $_}).Count -gt 0) + if ($myRecommendationInsightSettings.values.Where({ $null -ne $_ }).Count -gt 0) { $complexRecommendationInsightSettings += $myRecommendationInsightSettings } } - $complexSettings.Add('RecommendationInsightSettings',$complexRecommendationInsightSettings) + $complexSettings.Add('RecommendationInsightSettings', $complexRecommendationInsightSettings) if ($null -ne $getValue.Settings.recommendationLookBackDuration) { @@ -220,8 +220,8 @@ function Get-TargetResource } if ($null -ne $getValue.settings.recurrence.pattern.firstDayOfWeek) { - $complexFirstDaysOfWeek = [String]::Join(", ", $getValue.settings.recurrence.pattern.firstDayOfWeek) - $complexPattern.Add('FirstDayOfWeek',$complexFirstDaysOfWeek) + $complexFirstDaysOfWeek = [String]::Join(', ', $getValue.settings.recurrence.pattern.firstDayOfWeek) + $complexPattern.Add('FirstDayOfWeek', $complexFirstDaysOfWeek) } if ($null -ne $getValue.settings.recurrence.pattern.index) { @@ -233,11 +233,11 @@ function Get-TargetResource { $complexPattern.Add('Type', $getValue.settings.recurrence.pattern.type.ToString()) } - if ($complexPattern.values.Where({$null -ne $_}).Count -eq 0) + if ($complexPattern.values.Where({ $null -ne $_ }).Count -eq 0) { $complexPattern = $null } - $complexRecurrence.Add('Pattern',$complexPattern) + $complexRecurrence.Add('Pattern', $complexPattern) $complexRange = @{} if ($null -ne $getValue.settings.recurrence.range.endDate) { @@ -253,18 +253,18 @@ function Get-TargetResource { $complexRange.Add('Type', $getValue.settings.recurrence.range.type.ToString()) } - if ($complexRange.values.Where({$null -ne $_}).Count -eq 0) + if ($complexRange.values.Where({ $null -ne $_ }).Count -eq 0) { $complexRange = $null } - $complexRecurrence.Add('Range',$complexRange) - if ($complexRecurrence.values.Where({$null -ne $_}).Count -eq 0) + $complexRecurrence.Add('Range', $complexRange) + if ($complexRecurrence.values.Where({ $null -ne $_ }).Count -eq 0) { $complexRecurrence = $null } - $complexSettings.Add('Recurrence',$complexRecurrence) + $complexSettings.Add('Recurrence', $complexRecurrence) $complexSettings.Add('ReminderNotificationsEnabled', $getValue.Settings.reminderNotificationsEnabled) - if ($complexSettings.values.Where({$null -ne $_}).Count -eq 0) + if ($complexSettings.values.Where({ $null -ne $_ }).Count -eq 0) { $complexSettings = $null } @@ -294,16 +294,16 @@ function Get-TargetResource { $myRecommendationInsightSettings.Add('odataType', $currentRecommendationInsightSettings.'@odata.type'.ToString()) } - if ($myRecommendationInsightSettings.values.Where({$null -ne $_}).Count -gt 0) + if ($myRecommendationInsightSettings.values.Where({ $null -ne $_ }).Count -gt 0) { $complexRecommendationInsightSettings += $myRecommendationInsightSettings } } - $myStageSettings.Add('RecommendationInsightSettings',$complexRecommendationInsightSettings) + $myStageSettings.Add('RecommendationInsightSettings', $complexRecommendationInsightSettings) $myStageSettings.Add('RecommendationLookBackDuration', $currentStageSettings.recommendationLookBackDuration) $myStageSettings.Add('RecommendationsEnabled', $currentStageSettings.recommendationsEnabled) $myStageSettings.Add('StageId', $currentStageSettings.stageId) - if ($myStageSettings.values.Where({$null -ne $_}).Count -gt 0) + if ($myStageSettings.values.Where({ $null -ne $_ }).Count -gt 0) { $complexStageSettings += $myStageSettings } @@ -311,20 +311,20 @@ function Get-TargetResource #endregion $results = @{ - DescriptionForAdmins = $getValue.DescriptionForAdmins - DescriptionForReviewers = $getValue.DescriptionForReviewers - DisplayName = $getValue.DisplayName - ScopeValue = $complexScope - SettingsValue = $complexSettings - StageSettings = $complexStageSettings - Id = $getValue.Id - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent + DescriptionForAdmins = $getValue.DescriptionForAdmins + DescriptionForReviewers = $getValue.DescriptionForReviewers + DisplayName = $getValue.DisplayName + ScopeValue = $complexScope + SettingsValue = $complexSettings + StageSettings = $complexStageSettings + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent } return [System.Collections.Hashtable] $results @@ -424,11 +424,12 @@ function Set-TargetResource $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - if($StageSettings -ne $null) + if ($StageSettings -ne $null) { - Write-Verbose -Message "StageSettings cannot be updated after creation of access review definition." + Write-Verbose -Message 'StageSettings cannot be updated after creation of access review definition.' - if($currentInstance.Ensure -ne 'Absent') { + if ($currentInstance.Ensure -ne 'Absent') + { Write-Verbose -Message "Removing the Azure AD Access Review Definition with Id {$($currentInstance.Id)}" Remove-MgBetaIdentityGovernanceAccessReviewDefinition -AccessReviewScheduleDefinitionId $currentInstance.Id } @@ -446,27 +447,31 @@ function Set-TargetResource $createParameters.Add('Settings', $createParameters.SettingsValue) $createParameters.Remove('SettingsValue') | Out-Null - foreach ($hashtable in $createParameters.StageSettings) { + foreach ($hashtable in $createParameters.StageSettings) + { $propertyToRemove = 'DependsOnValue' $newProperty = 'DependsOn' - if ($hashtable.ContainsKey($propertyToRemove)) { + if ($hashtable.ContainsKey($propertyToRemove)) + { $value = $hashtable[$propertyToRemove] $hashtable[$newProperty] = $value $hashtable.Remove($propertyToRemove) } } - foreach ($hashtable in $createParameters.StageSettings) { + foreach ($hashtable in $createParameters.StageSettings) + { $keys = (([Hashtable]$hashtable).Clone()).Keys foreach ($key in $keys) { $value = $hashtable.$key $hashtable.Remove($key) - $hashtable.Add($key.Substring(0,1).ToLower() + $key.Substring(1), $value) + $hashtable.Add($key.Substring(0, 1).ToLower() + $key.Substring(1), $value) } } - foreach ($hashtable in $createParameters.StageSettings) { + foreach ($hashtable in $createParameters.StageSettings) + { Write-Verbose -Message "Priting Values: $(Convert-M365DscHashtableToString -Hashtable $hashtable)" } @@ -478,9 +483,9 @@ function Set-TargetResource $createParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $createParameters.$key } } - $createParameters.Add("@odata.type", "#microsoft.graph.AccessReviewScheduleDefinition") + $createParameters.Add('@odata.type', '#microsoft.graph.AccessReviewScheduleDefinition') $policy = New-MgBetaIdentityGovernanceAccessReviewDefinition -BodyParameter $createParameters - return; + return } if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') @@ -499,27 +504,31 @@ function Set-TargetResource $createParameters.Add('Settings', $createParameters.SettingsValue) $createParameters.Remove('SettingsValue') | Out-Null - foreach ($hashtable in $createParameters.StageSettings) { + foreach ($hashtable in $createParameters.StageSettings) + { $propertyToRemove = 'DependsOnValue' $newProperty = 'DependsOn' - if ($hashtable.ContainsKey($propertyToRemove)) { + if ($hashtable.ContainsKey($propertyToRemove)) + { $value = $hashtable[$propertyToRemove] $hashtable[$newProperty] = $value $hashtable.Remove($propertyToRemove) } } - foreach ($hashtable in $createParameters.StageSettings) { + foreach ($hashtable in $createParameters.StageSettings) + { $keys = (([Hashtable]$hashtable).Clone()).Keys foreach ($key in $keys) { $value = $hashtable.$key $hashtable.Remove($key) - $hashtable.Add($key.Substring(0,1).ToLower() + $key.Substring(1), $value) + $hashtable.Add($key.Substring(0, 1).ToLower() + $key.Substring(1), $value) } } - foreach ($hashtable in $createParameters.StageSettings) { + foreach ($hashtable in $createParameters.StageSettings) + { Write-Verbose -Message "Priting Values: $(Convert-M365DscHashtableToString -Hashtable $hashtable)" } @@ -532,7 +541,7 @@ function Set-TargetResource } } #region resource generator code - $createParameters.Add("@odata.type", "#microsoft.graph.AccessReviewScheduleDefinition") + $createParameters.Add('@odata.type', '#microsoft.graph.AccessReviewScheduleDefinition') $policy = New-MgBetaIdentityGovernanceAccessReviewDefinition -BodyParameter $createParameters #endregion } @@ -562,7 +571,7 @@ function Set-TargetResource } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.AccessReviewScheduleDefinition") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.AccessReviewScheduleDefinition') Set-MgBetaIdentityGovernanceAccessReviewDefinition ` -AccessReviewScheduleDefinitionId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -794,16 +803,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -813,19 +822,19 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'ScopeValue' + Name = 'ScopeValue' CimInstanceName = 'MicrosoftGraphAccessReviewScope' - IsRequired = $False + IsRequired = $False } @{ - Name = 'PrincipalScopes' + Name = 'PrincipalScopes' CimInstanceName = 'MicrosoftGraphAccessReviewScope' - IsRequired = $False + IsRequired = $False } @{ - Name = 'ResourceScopes' + Name = 'ResourceScopes' CimInstanceName = 'MicrosoftGraphAccessReviewScope' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -846,34 +855,34 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'SettingsValue' + Name = 'SettingsValue' CimInstanceName = 'MicrosoftGraphAccessReviewScheduleSettings' - IsRequired = $False + IsRequired = $False } @{ - Name = 'ApplyActions' + Name = 'ApplyActions' CimInstanceName = 'MicrosoftGraphAccessReviewApplyAction' - IsRequired = $False + IsRequired = $False } @{ - Name = 'RecommendationInsightSettings' + Name = 'RecommendationInsightSettings' CimInstanceName = 'MicrosoftGraphAccessReviewRecommendationInsightSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'Recurrence' + Name = 'Recurrence' CimInstanceName = 'MicrosoftGraphPatternedRecurrence' - IsRequired = $False + IsRequired = $False } @{ - Name = 'Pattern' + Name = 'Pattern' CimInstanceName = 'MicrosoftGraphRecurrencePattern' - IsRequired = $False + IsRequired = $False } @{ - Name = 'Range' + Name = 'Range' CimInstanceName = 'MicrosoftGraphRecurrenceRange' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -894,34 +903,34 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'StageSettings' + Name = 'StageSettings' CimInstanceName = 'MicrosoftGraphAccessReviewStageSettings' - IsRequired = $False + IsRequired = $False } @{ - Name = 'PrincipalScopes' + Name = 'PrincipalScopes' CimInstanceName = 'MicrosoftGraphAccessReviewScope' - IsRequired = $False + IsRequired = $False } @{ - Name = 'ResourceScopes' + Name = 'ResourceScopes' CimInstanceName = 'MicrosoftGraphAccessReviewScope' - IsRequired = $False + IsRequired = $False } @{ - Name = 'RecommendationInsightSettings' + Name = 'RecommendationInsightSettings' CimInstanceName = 'MicrosoftGraphAccessReviewRecommendationInsightSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'PrincipalScopes' + Name = 'PrincipalScopes' CimInstanceName = 'MicrosoftGraphAccessReviewScope' - IsRequired = $False + IsRequired = $False } @{ - Name = 'ResourceScopes' + Name = 'ResourceScopes' CimInstanceName = 'MicrosoftGraphAccessReviewScope' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -946,15 +955,15 @@ function Export-TargetResource -Credential $Credential if ($Results.ScopeValue) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ScopeValue" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ScopeValue' -IsCIMArray:$False } if ($Results.SettingsValue) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "SettingsValue" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'SettingsValue' -IsCIMArray:$False } if ($Results.StageSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "StageSettings" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'StageSettings' -IsCIMArray:$True } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.schema.mof index dcac4dc864..d1dd7c9b71 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.schema.mof @@ -6,7 +6,7 @@ class MSFT_MicrosoftGraphAccessReviewScope [Write, Description("Indicates the type of query. Types include MicrosoftGraph and ARM.")] String QueryType; [Write, Description("Defines the scopes of the principals for which access to resources are reviewed in the access review."), EmbeddedInstance("MSFT_MicrosoftGraphAccessReviewScope")] String PrincipalScopes[]; [Write, Description("Defines the scopes of the resources for which access is reviewed."), EmbeddedInstance("MSFT_MicrosoftGraphAccessReviewScope")] String ResourceScopes[]; - [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.accessReviewQueryScope","#microsoft.graph.accessReviewReviewerScope","#microsoft.graph.principalResourceMembershipsScope"}, Values{"#microsoft.graph.accessReviewQueryScope","#microsoft.graph.accessReviewReviewerScope","#microsoft.graph.principalResourceMembershipsScope"}] String odataType; + [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.accessReviewQueryScope","#microsoft.graph.accessReviewReviewerScope","#microsoft.graph.principalResourceMembershipsScope","#microsoft.graph.accessReviewInactiveUsersQueryScope"}, Values{"#microsoft.graph.accessReviewQueryScope","#microsoft.graph.accessReviewReviewerScope","#microsoft.graph.principalResourceMembershipsScope","#microsoft.graph.accessReviewInactiveUsersQueryScope"}] String odataType; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphAccessReviewScheduleSettings diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/settings.json index f609988203..6a0eee34be 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/settings.json @@ -1,29 +1,24 @@ { "resourceName": "AADAccessReviewDefinition", "description": "This resource configures an Azure AD Access Review Definition.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "AccessReview.Read.All" - } - ], - "update": [ - - ] - }, - "application": { - "read": [ - { - "name": "AccessReview.Read.All" - } - ], - "update": [ - - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "AccessReview.Read.All" + } + ], + "update": [] + }, + "application": { + "read": [ + { + "name": "AccessReview.Read.All" + } + ], + "update": [] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 index a77718b9eb..497aec8745 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 @@ -51,7 +51,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -88,8 +92,8 @@ function Get-TargetResource #Azure portal timeout $timeout = $getValue.Definition | ConvertFrom-Json - $AzurePortalTimeOut = ($timeout.ActivityBasedTimeoutPolicy.ApplicationPolicies | Where-Object{$_.ApplicationId -match "c44b4083-3bb0-49c1-b47d-974e53cbdf3c"}).WebSessionIdleTimeout - $DefaultTimeOut = ($timeout.ActivityBasedTimeoutPolicy.ApplicationPolicies | Where-Object{$_.ApplicationId -match "default"}).WebSessionIdleTimeout + $AzurePortalTimeOut = ($timeout.ActivityBasedTimeoutPolicy.ApplicationPolicies | Where-Object { $_.ApplicationId -match 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c' }).WebSessionIdleTimeout + $DefaultTimeOut = ($timeout.ActivityBasedTimeoutPolicy.ApplicationPolicies | Where-Object { $_.ApplicationId -match 'default' }).WebSessionIdleTimeout $results = @{ #region resource generator code @@ -104,6 +108,7 @@ function Get-TargetResource ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens #endregion } @@ -171,7 +176,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. @@ -191,46 +200,47 @@ function Set-TargetResource $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters $AzurePortalTimeOutexist = $false $DefaultTimeOutexistst = $false - if($BoundParameters.ContainsKey('AzurePortalTimeOut') ` + if ($BoundParameters.ContainsKey('AzurePortalTimeOut') ` -and $null -ne $BoundParameters.AzurePortalTimeOut ` -and $BoundParameters.AzurePortalTimeOut -ne '' ` -and $BoundParameters.AzurePortalTimeOut -ne $nullString) - { - $AzurePortalTimeOutexist = $true - } - if($BoundParameters.ContainsKey('DefaultTimeOut') ` + { + $AzurePortalTimeOutexist = $true + } + if ($BoundParameters.ContainsKey('DefaultTimeOut') ` -and $null -ne $BoundParameters.DefaultTimeOut ` -and $BoundParameters.DefaultTimeOut -ne '' ` -and $BoundParameters.DefaultTimeOut -ne $nullString) - { - $DefaultTimeOutexistst = $true - } + { + $DefaultTimeOutexistst = $true + } $ApplicationPolicies = @() if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Azure AD Activity Based Timeout Policy with DisplayName {$DisplayName}" - if($AzurePortalTimeOutexist) + if ($AzurePortalTimeOutexist) { $ApplicationPolicies += @{ - ApplicationId = "c44b4083-3bb0-49c1-b47d-974e53cbdf3c" - WebSessionIdleTimeout = "$AzurePortalTimeOut" - } + ApplicationId = 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c' + WebSessionIdleTimeout = "$AzurePortalTimeOut" + } } - if($DefaultTimeOutexistst) + if ($DefaultTimeOutexistst) { $ApplicationPolicies += @{ - ApplicationId = "default" + ApplicationId = 'default' WebSessionIdleTimeout = "$DefaultTimeOut" } } - if($null -eq $ApplicationPolicies) + if ($null -eq $ApplicationPolicies) { - throw "At least one of the parameters AzurePortalTimeOut or DefaultTimeOut must be specified" + throw 'At least one of the parameters AzurePortalTimeOut or DefaultTimeOut must be specified' } - elseif($AzurePortalTimeOutexist -or $DefaultTimeOutexistst) { + elseif ($AzurePortalTimeOutexist -or $DefaultTimeOutexistst) + { $policy = @{ ActivityBasedTimeoutPolicy = @{ - Version = 1 + Version = 1 ApplicationPolicies = @( $ApplicationPolicies ) @@ -239,10 +249,10 @@ function Set-TargetResource $json = $policy | ConvertTo-Json -Depth 10 -Compress $params = @{ - definition = @( + definition = @( "$json" ) - displayName = "displayName-value" + displayName = 'displayName-value' isOrganizationDefault = $true } @@ -252,28 +262,29 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Creating an Azure AD Activity Based Timeout Policy with DisplayName {$DisplayName}" - if($AzurePortalTimeOutexist) + if ($AzurePortalTimeOutexist) { $ApplicationPolicies += @{ - ApplicationId = "c44b4083-3bb0-49c1-b47d-974e53cbdf3c" - WebSessionIdleTimeout = "$AzurePortalTimeOut" - } + ApplicationId = 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c' + WebSessionIdleTimeout = "$AzurePortalTimeOut" + } } - if($DefaultTimeOutexistst) + if ($DefaultTimeOutexistst) { $ApplicationPolicies += @{ - ApplicationId = "default" + ApplicationId = 'default' WebSessionIdleTimeout = "$DefaultTimeOut" } } - if($null -eq $ApplicationPolicies) + if ($null -eq $ApplicationPolicies) { - throw "At least one of the parameters AzurePortalTimeOut or DefaultTimeOut must be specified" + throw 'At least one of the parameters AzurePortalTimeOut or DefaultTimeOut must be specified' } - elseif($AzurePortalTimeOutexist -or $DefaultTimeOutexistst) { + elseif ($AzurePortalTimeOutexist -or $DefaultTimeOutexistst) + { $policy = @{ ActivityBasedTimeoutPolicy = @{ - Version = 1 + Version = 1 ApplicationPolicies = @( $ApplicationPolicies ) @@ -282,10 +293,10 @@ function Set-TargetResource $json = $policy | ConvertTo-Json -Depth 10 -Compress $params = @{ - definition = @( + definition = @( "$json" ) - displayName = "displayName-value" + displayName = 'displayName-value' isOrganizationDefault = $true } @@ -351,7 +362,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. @@ -451,7 +466,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` @@ -501,14 +520,15 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - DisplayName = $config.displayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + DisplayName = $config.displayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof index 01e7dcc4ab..d733bacd8b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof @@ -13,4 +13,5 @@ class MSFT_AADActivityBasedTimeoutPolicy : OMI_BaseResource [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 index 88b9e6c5f6..3aa77cfbdb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 @@ -117,7 +117,7 @@ function Get-TargetResource } elseif ($reviewer.Query.Contains('directory/roleAssignments?$')) { - $roleId = $reviewer.Query.Replace("/beta/roleManagement/directory/roleAssignments?`$filter=roleDefinitionId eq ", "").Replace("'", '') + $roleId = $reviewer.Query.Replace("/beta/roleManagement/directory/roleAssignments?`$filter=roleDefinitionId eq ", '').Replace("'", '') $roleInfo = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $roleId $entry = @{ ReviewerType = 'Role' @@ -274,8 +274,8 @@ function Set-TargetResource Write-Verbose -Message "Updating the Entra Id Admin Consent Request Policy with values: $updateJSON" $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/adminConsentRequestPolicy' Invoke-MgGraphRequest -Method 'PUT' ` - -Uri $Uri ` - -Body $updateJSON | Out-Null + -Uri $Uri ` + -Body $updateJSON | Out-Null } function Test-TargetResource @@ -358,7 +358,7 @@ function Test-TargetResource $testResult = $true foreach ($reviewer in $Reviewers) { - $currentEquivalent = $CurrentValues.Reviewers | Where-Object -FilterScript {$_.ReviewerId -eq $reviewer.ReviewerId -and $_.ReviewerType -eq $reviewer.ReviewerType} + $currentEquivalent = $CurrentValues.Reviewers | Where-Object -FilterScript { $_.ReviewerId -eq $reviewer.ReviewerId -and $_.ReviewerType -eq $reviewer.ReviewerType } if ($null -eq $currentEquivalent) { $testResult = $false @@ -482,7 +482,7 @@ function Export-TargetResource if ($Results.Reviewers) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Reviewers" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Reviewers' -IsCIMArray:$true } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 0685ca72c5..184a4d6c9c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -92,8 +92,8 @@ function Get-TargetResource Write-Verbose -Message ($_) } - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') @@ -114,7 +114,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $getValue = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $getValue = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } else { @@ -129,7 +129,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $getValue = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $getValue = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } else { @@ -1020,17 +1020,17 @@ function Export-TargetResource ErrorAction = 'Stop' } $queryTypes = @{ - 'eq' = @('description') - 'startsWith' = @('description') - 'eq null' = @( - 'description', - 'displayName' - ) + 'eq' = @('description') + 'startsWith' = @('description') + 'eq null' = @( + 'description', + 'displayName' + ) } #extract arguments from the query # Define the regex pattern to match all words in the query - $pattern = "([^\s,()]+)" + $pattern = '([^\s,()]+)' $query = $Filter # Match all words in the query @@ -1038,16 +1038,18 @@ function Export-TargetResource # Extract the matched argument into an array $arguments = @() - foreach ($match in $matches) { - $arguments += $match.Value + foreach ($match in $matches) + { + $arguments += $match.Value } #extracting keys to check vs arguments in the filter $Keys = $queryTypes.Keys $matchedKey = $arguments | Where-Object { $_ -in $Keys } - $matchedProperty = $arguments | Where-Object { $_ -in $queryTypes[$matchedKey]} - if ($matchedProperty -and $matchedKey) { + $matchedProperty = $arguments | Where-Object { $_ -in $queryTypes[$matchedKey] } + if ($matchedProperty -and $matchedKey) + { $allConditionsMatched = $true } @@ -1055,7 +1057,7 @@ function Export-TargetResource if ($allConditionsMatched -or $Filter -like '*endsWith*') { $ExportParameters.Add('CountVariable', 'count') - $ExportParameters.Add('headers', @{"ConsistencyLevel" = "Eventual"}) + $ExportParameters.Add('headers', @{'ConsistencyLevel' = 'Eventual' }) } [array] $Script:exportedInstances = Get-MgBetaDirectoryAdministrativeUnit @ExportParameters @@ -1145,9 +1147,9 @@ function Export-TargetResource if ($null -ne $Results.Members) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Members' -IsCIMArray $true - $currentDSCBlock = $currentDSCBlock.Replace("`",`"`r`n", "") + $currentDSCBlock = $currentDSCBlock.Replace("`",`"`r`n", '') $currentDSCBlock = $currentDSCBlock.Replace(",`r`n", '').Replace("`");`r`n", ");`r`n") - $currentDSCBlock = $currentDSCBlock.Replace("Members = @(`"", "Members = @(") + $currentDSCBlock = $currentDSCBlock.Replace("Members = @(`"", 'Members = @(') $currentDSCBlock = $currentDSCBlock.Replace("`$OrganizationName'", "' + `$OrganizationName") } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index 69b7f58fa4..f60e307747 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 @@ -157,7 +157,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $AADApp = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $AppId} + $AADApp = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $AppId } } else { @@ -176,7 +176,7 @@ function Get-TargetResource if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $AADApp = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $AADApp = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } else { @@ -196,8 +196,8 @@ function Get-TargetResource { Write-Verbose -Message 'An instance of Azure AD App was retrieved.' - $AADBetaApp= Get-MgBetaApplication -Property "id,displayName,appId,authenticationBehaviors,additionalProperties" -ApplicationId $AADApp.Id -ErrorAction SilentlyContinue - $AADAppKeyCredentials = Get-MgBetaApplication -Property "keyCredentials" -ApplicationId $AADApp.Id -ErrorAction SilentlyContinue + $AADBetaApp = Get-MgBetaApplication -Property 'id,displayName,appId,authenticationBehaviors,additionalProperties' -ApplicationId $AADApp.Id -ErrorAction SilentlyContinue + $AADAppKeyCredentials = Get-MgBetaApplication -Property 'keyCredentials' -ApplicationId $AADApp.Id -ErrorAction SilentlyContinue $complexAuthenticationBehaviors = @{} if ($null -ne $AADBetaApp.authenticationBehaviors.blockAzureADGraphAccess) @@ -212,7 +212,7 @@ function Get-TargetResource { $complexAuthenticationBehaviors.Add('RequireClientServicePrincipal', $AADBetaApp.authenticationBehaviors.requireClientServicePrincipal) } - if ($complexAuthenticationBehaviors.values.Where({$null -ne $_}).Count -eq 0) + if ($complexAuthenticationBehaviors.values.Where({ $null -ne $_ }).Count -eq 0) { $complexAuthenticationBehaviors = $null } @@ -225,12 +225,12 @@ function Get-TargetResource $myAccessToken.Add('Essential', $currentAccessToken.essential) $myAccessToken.Add('Name', $currentAccessToken.name) $myAccessToken.Add('Source', $currentAccessToken.source) - if ($myAccessToken.values.Where({$null -ne $_}).Count -gt 0) + if ($myAccessToken.values.Where({ $null -ne $_ }).Count -gt 0) { $complexAccessToken += $myAccessToken } } - $complexOptionalClaims.Add('AccessToken',$complexAccessToken) + $complexOptionalClaims.Add('AccessToken', $complexAccessToken) $complexIdToken = @() foreach ($currentIdToken in $AADApp.optionalClaims.idToken) { @@ -238,12 +238,12 @@ function Get-TargetResource $myIdToken.Add('Essential', $currentIdToken.essential) $myIdToken.Add('Name', $currentIdToken.name) $myIdToken.Add('Source', $currentIdToken.source) - if ($myIdToken.values.Where({$null -ne $_}).Count -gt 0) + if ($myIdToken.values.Where({ $null -ne $_ }).Count -gt 0) { $complexIdToken += $myIdToken } } - $complexOptionalClaims.Add('IdToken',$complexIdToken) + $complexOptionalClaims.Add('IdToken', $complexIdToken) $complexSaml2Token = @() foreach ($currentSaml2Token in $AADApp.optionalClaims.saml2Token) { @@ -251,13 +251,13 @@ function Get-TargetResource $mySaml2Token.Add('Essential', $currentSaml2Token.essential) $mySaml2Token.Add('Name', $currentSaml2Token.name) $mySaml2Token.Add('Source', $currentSaml2Token.source) - if ($mySaml2Token.values.Where({$null -ne $_}).Count -gt 0) + if ($mySaml2Token.values.Where({ $null -ne $_ }).Count -gt 0) { $complexSaml2Token += $mySaml2Token } } - $complexOptionalClaims.Add('Saml2Token',$complexSaml2Token) - if ($complexOptionalClaims.values.Where({$null -ne $_}).Count -eq 0) + $complexOptionalClaims.Add('Saml2Token', $complexSaml2Token) + if ($complexOptionalClaims.values.Where({ $null -ne $_ }).Count -eq 0) { $complexOptionalClaims = $null } @@ -270,13 +270,13 @@ function Get-TargetResource $myPreAuthorizedApplications = @{} $myPreAuthorizedApplications.Add('AppId', $currentPreAuthorizedApplications.appId) $myPreAuthorizedApplications.Add('PermissionIds', $currentPreAuthorizedApplications.permissionIds) - if ($myPreAuthorizedApplications.values.Where({$null -ne $_}).Count -gt 0) + if ($myPreAuthorizedApplications.values.Where({ $null -ne $_ }).Count -gt 0) { $complexPreAuthorizedApplications += $myPreAuthorizedApplications } } - $complexApi.Add('PreAuthorizedApplications',$complexPreAuthorizedApplications) - if ($complexApi.values.Where({$null -ne $_}).Count -eq 0) + $complexApi.Add('PreAuthorizedApplications', $complexPreAuthorizedApplications) + if ($complexApi.values.Where({ $null -ne $_ }).Count -eq 0) { $complexApi = $null } @@ -285,7 +285,7 @@ function Get-TargetResource foreach ($currentkeyCredentials in $AADAppKeyCredentials.keyCredentials) { $mykeyCredentials = @{} - if($null -ne $currentkeyCredentials.customKeyIdentifier) + if ($null -ne $currentkeyCredentials.customKeyIdentifier) { $mykeyCredentials.Add('CustomKeyIdentifier', [convert]::ToBase64String($currentkeyCredentials.customKeyIdentifier)) } @@ -297,7 +297,7 @@ function Get-TargetResource $mykeyCredentials.Add('KeyId', $currentkeyCredentials.keyId) - if($null -ne $currentkeyCredentials.Key) + if ($null -ne $currentkeyCredentials.Key) { $mykeyCredentials.Add('Key', [convert]::ToBase64String($currentkeyCredentials.key)) } @@ -308,7 +308,7 @@ function Get-TargetResource } $mykeyCredentials.Add('Type', $currentkeyCredentials.type) $mykeyCredentials.Add('Usage', $currentkeyCredentials.usage) - if ($mykeyCredentials.values.Where({$null -ne $_}).Count -gt 0) + if ($mykeyCredentials.values.Where({ $null -ne $_ }).Count -gt 0) { $complexKeyCredentials += $mykeyCredentials } @@ -329,7 +329,7 @@ function Get-TargetResource { $mypasswordCredentials.Add('StartDateTime', ([DateTimeOffset]$currentpasswordCredentials.startDateTime).ToString('o')) } - if ($mypasswordCredentials.values.Where({$null -ne $_}).Count -gt 0) + if ($mypasswordCredentials.values.Where({ $null -ne $_ }).Count -gt 0) { $complexPasswordCredentials += $mypasswordCredentials } @@ -346,7 +346,7 @@ function Get-TargetResource $myappRoles.Add('IsEnabled', $currentappRoles.isEnabled) $myappRoles.Add('Origin', $currentappRoles.origin) $myappRoles.Add('Value', $currentappRoles.value) - if ($myappRoles.values.Where({$null -ne $_}).Count -gt 0) + if ($myappRoles.values.Where({ $null -ne $_ }).Count -gt 0) { $complexAppRoles += $myappRoles } @@ -393,8 +393,8 @@ function Get-TargetResource { $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/applications/$($AADBetaApp.Id)/onPremisesPublishing" $oppInfo = Invoke-MgGraphRequest -Method GET ` - -Uri $Uri ` - -ErrorAction SilentlyContinue + -Uri $Uri ` + -ErrorAction SilentlyContinue } catch { @@ -451,7 +451,7 @@ function Get-TargetResource kerberosServicePrincipalName = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosServicePrincipalName kerberosSignOnMappingAttributeType = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosSignOnMappingAttributeType } - singleSignOnMode = $oppInfo.singleSignOnSettings.singleSignOnMode + singleSignOnMode = $oppInfo.singleSignOnSettings.singleSignOnMode } $onPremisesPublishingValue.Add('singleSignOnSettings', $singleSignOnValues) } @@ -722,7 +722,7 @@ function Set-TargetResource $currentParameters.Remove('PasswordCredentials') | Out-Null if ($PasswordCredentials) { - Write-Warning -Message "PasswordCredentials is a readonly property and cannot be configured." + Write-Warning -Message 'PasswordCredentials is a readonly property and cannot be configured.' } @@ -825,13 +825,13 @@ function Set-TargetResource # Create from Template $createdFromTemplate = $false if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Absent' -and -not $skipToUpdate -and ` - -not [System.String]::IsNullOrEmpty($ApplicationTemplateId) -and ` - $ApplicationTemplateId -ne '8adf8e6e-67b2-4cf2-a259-e3dc5476c621') + -not [System.String]::IsNullOrEmpty($ApplicationTemplateId) -and ` + $ApplicationTemplateId -ne '8adf8e6e-67b2-4cf2-a259-e3dc5476c621') { $skipToUpdate = $true Write-Verbose -Message "Creating application {$DisplayName} from Application Template {$ApplicationTemplateId}" $newApp = Invoke-MgBetaInstantiateApplicationTemplate -DisplayName $DisplayName ` - -ApplicationTemplateId $ApplicationTemplateId + -ApplicationTemplateId $ApplicationTemplateId $currentAADApp = @{ AppId = $newApp.Application.AppId Id = $newApp.Application.AppId @@ -999,7 +999,7 @@ function Set-TargetResource if ($null -eq $scope) { $ObjectGuid = [System.Guid]::empty - if ([System.Guid]::TryParse($permission.Name,[System.Management.Automation.PSReference]$ObjectGuid)) + if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid)) { $scopeId = $permission.Name } @@ -1022,7 +1022,7 @@ function Set-TargetResource if ($null -eq $role) { $ObjectGuid = [System.Guid]::empty - if ([System.Guid]::TryParse($permission.Name,[System.Management.Automation.PSReference]$ObjectGuid)) + if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid)) { $roleId = $permission.Name } @@ -1052,31 +1052,31 @@ function Set-TargetResource -RequiredResourceAccess $allRequiredAccess | Out-Null } - if($needToUpdateAuthenticationBehaviors -and $AuthenticationBehaviors) + if ($needToUpdateAuthenticationBehaviors -and $AuthenticationBehaviors) { Write-Verbose -Message "Updating for Azure AD Application {$($currentAADApp.DisplayName)} with AuthenticationBehaviors:`r`n$($AuthenticationBehaviors| Out-String)" Write-Verbose -Message "Current App Id: $($currentAADApp.AppId)" $IAuthenticationBehaviors = @{ - blockAzureADGraphAccess = $AuthenticationBehaviors.blockAzureADGraphAccess - removeUnverifiedEmailClaim = $AuthenticationBehaviors.removeUnverifiedEmailClaim + blockAzureADGraphAccess = $AuthenticationBehaviors.blockAzureADGraphAccess + removeUnverifiedEmailClaim = $AuthenticationBehaviors.removeUnverifiedEmailClaim requireClientServicePrincipal = $AuthenticationBehaviors.requireClientServicePrincipal } Update-MgBetaApplication -ApplicationId $currentAADApp.Id -AuthenticationBehaviors $IAuthenticationBehaviors | Out-Null } - if($needToUpdateKeyCredentials -and $KeyCredentials) + if ($needToUpdateKeyCredentials -and $KeyCredentials) { Write-Verbose -Message "Updating for Azure AD Application {$($currentAADApp.DisplayName)} with KeyCredentials:`r`n$($KeyCredentials| Out-String)" - if((currentAADApp.KeyCredentials.Length -eq 0 -and $KeyCredentials.Length -eq 1) -or (currentAADApp.KeyCredentials.Length -eq 1 -and $KeyCredentials.Length -eq 0)) + if ((currentAADApp.KeyCredentials.Length -eq 0 -and $KeyCredentials.Length -eq 1) -or (currentAADApp.KeyCredentials.Length -eq 1 -and $KeyCredentials.Length -eq 0)) { Update-MgApplication -ApplicationId $currentAADApp.Id -KeyCredentials $KeyCredentials | Out-Null } else { - Write-Warning -Message "KeyCredentials cannot be updated for AAD Applications with more than one KeyCredentials due to technical limitation of Update-MgApplication Cmdlet. Learn more at: https://learn.microsoft.com/en-us/graph/api/application-addkey" + Write-Warning -Message 'KeyCredentials cannot be updated for AAD Applications with more than one KeyCredentials due to technical limitation of Update-MgApplication Cmdlet. Learn more at: https://learn.microsoft.com/en-us/graph/api/application-addkey' } } @@ -1132,7 +1132,7 @@ function Set-TargetResource kerberosServicePrincipalName = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosServicePrincipalName kerberosSignOnMappingAttributeType = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosSignOnMappingAttributeType } - singleSignOnMode = $oppInfo.singleSignOnSettings.singleSignOnMode + singleSignOnMode = $oppInfo.singleSignOnSettings.singleSignOnMode } if ($null -eq $singleSignOnValues.kerberosSignOnSettings.kerberosServicePrincipalName) { @@ -1145,8 +1145,8 @@ function Set-TargetResource $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/applications/$($currentAADApp.Id)/onPremisesPublishing" Invoke-MgGraphRequest -Method 'PATCH' ` - -Uri $Uri ` - -Body $onPremisesPayload + -Uri $Uri ` + -Body $onPremisesPayload } #endregion } @@ -1353,7 +1353,8 @@ function Test-TargetResource Write-Verbose "TestResult returned False for $source" $testTargetResource = $false } - else { + else + { $ValuesToCheck.Remove($key) | Out-Null } } @@ -1367,12 +1368,12 @@ function Test-TargetResource $ValuesToCheck.Remove('Permissions') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys ` - -IncludedDrifts $driftedParams + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys ` + -IncludedDrifts $driftedParams - if(-not $TestResult) + if (-not $TestResult) { $testTargetResource = $false } @@ -1481,20 +1482,20 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'Api' + Name = 'Api' CimInstanceName = 'MicrosoftGraphApiApplication' - IsRequired = $False + IsRequired = $False } @{ - Name = 'PreAuthorizedApplications' + Name = 'PreAuthorizedApplications' CimInstanceName = 'MicrosoftGraphPreAuthorizedApplication' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.Api ` - -CIMInstanceName 'MicrosoftGraphapiApplication' ` - -ComplexTypeMapping $complexMapping + -ComplexObject $Results.Api ` + -CIMInstanceName 'MicrosoftGraphapiApplication' ` + -ComplexTypeMapping $complexMapping if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -1509,8 +1510,8 @@ function Export-TargetResource if ($null -ne $Results.AuthenticationBehaviors) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.AuthenticationBehaviors ` - -CIMInstanceName 'MicrosoftGraphauthenticationBehaviors' + -ComplexObject $Results.AuthenticationBehaviors ` + -CIMInstanceName 'MicrosoftGraphauthenticationBehaviors' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.AuthenticationBehaviors = $complexTypeStringResult @@ -1525,24 +1526,24 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'singleSignOnSettings' + Name = 'singleSignOnSettings' CimInstanceName = 'AADApplicationOnPremisesPublishingSingleSignOnSetting' - IsRequired = $False + IsRequired = $False }, @{ - Name = 'onPremisesApplicationSegments' + Name = 'onPremisesApplicationSegments' CimInstanceName = 'AADApplicationOnPremisesPublishingSegment' - IsRequired = $False + IsRequired = $False }, @{ - Name = 'kerberosSignOnSettings' + Name = 'kerberosSignOnSettings' CimInstanceName = 'AADApplicationOnPremisesPublishingSingleSignOnSettingKerberos' - IsRequired = $False + IsRequired = $False }, @{ - Name = 'corsConfigurations' + Name = 'corsConfigurations' CimInstanceName = 'AADApplicationOnPremisesPublishingSegmentCORS' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -1567,30 +1568,30 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'OptionalClaims' + Name = 'OptionalClaims' CimInstanceName = 'MicrosoftGraphOptionalClaims' - IsRequired = $False + IsRequired = $False } @{ - Name = 'AccessToken' + Name = 'AccessToken' CimInstanceName = 'MicrosoftGraphOptionalClaim' - IsRequired = $False + IsRequired = $False } @{ - Name = 'IdToken' + Name = 'IdToken' CimInstanceName = 'MicrosoftGraphOptionalClaim' - IsRequired = $False + IsRequired = $False } @{ - Name = 'Saml2Token' + Name = 'Saml2Token' CimInstanceName = 'MicrosoftGraphOptionalClaim' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.OptionalClaims ` - -CIMInstanceName 'MicrosoftGraphoptionalClaims' ` - -ComplexTypeMapping $complexMapping + -ComplexObject $Results.OptionalClaims ` + -CIMInstanceName 'MicrosoftGraphoptionalClaims' ` + -ComplexTypeMapping $complexMapping if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -1606,8 +1607,8 @@ function Export-TargetResource if ($null -ne $Results.KeyCredentials) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.KeyCredentials ` - -CIMInstanceName 'MicrosoftGraphkeyCredential' + -ComplexObject $Results.KeyCredentials ` + -CIMInstanceName 'MicrosoftGraphkeyCredential' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.KeyCredentials = $complexTypeStringResult @@ -1621,8 +1622,8 @@ function Export-TargetResource if ($null -ne $Results.PasswordCredentials) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.PasswordCredentials ` - -CIMInstanceName 'MicrosoftGraphpasswordCredential' + -ComplexObject $Results.PasswordCredentials ` + -CIMInstanceName 'MicrosoftGraphpasswordCredential' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.PasswordCredentials = $complexTypeStringResult @@ -1636,8 +1637,8 @@ function Export-TargetResource if ($null -ne $Results.AppRoles) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.AppRoles ` - -CIMInstanceName 'MicrosoftGraphappRole' + -ComplexObject $Results.AppRoles ` + -CIMInstanceName 'MicrosoftGraphappRole' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.AppRoles = $complexTypeStringResult @@ -1656,7 +1657,7 @@ function Export-TargetResource if ($Results.Api) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Api" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Api' -IsCIMArray:$False } if ($null -ne $Results.Permissions) @@ -1666,30 +1667,30 @@ function Export-TargetResource } if ($Results.OptionalClaims) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OptionalClaims" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'OptionalClaims' -IsCIMArray:$False } if ($Results.OnPremisesPublishing) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OnPremisesPublishing" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'OnPremisesPublishing' -IsCIMArray:$False } if ($Results.AuthenticationBehaviors) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "AuthenticationBehaviors" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AuthenticationBehaviors' -IsCIMArray:$False } if ($Results.KeyCredentials) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KeyCredentials" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'KeyCredentials' -IsCIMArray:$True } if ($Results.PasswordCredentials) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "PasswordCredentials" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'PasswordCredentials' -IsCIMArray:$True } if ($Results.AppRoles) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "AppRoles" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AppRoles' -IsCIMArray:$True } $dscContent.Append($currentDSCBlock) | Out-Null @@ -1701,7 +1702,7 @@ function Export-TargetResource } catch { - if ($_.Exception.Message -like "*Multiple AAD Apps with the Displayname*") + if ($_.Exception.Message -like '*Multiple AAD Apps with the Displayname*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle)" -NoNewline Write-Host " Multiple app instances wth name {$($AADApp.DisplayName)} were found. We will skip exporting these instances." @@ -1754,7 +1755,7 @@ function Get-M365DSCAzureADAppPermissions if ($null -eq $scopeInfo) { $ObjectGuid = [System.Guid]::empty - if ([System.Guid]::TryParse($resourceAccess.Id,[System.Management.Automation.PSReference]$ObjectGuid)) + if ([System.Guid]::TryParse($resourceAccess.Id, [System.Management.Automation.PSReference]$ObjectGuid)) { $scopeInfoValue = $resourceAccess.Id } @@ -1789,7 +1790,7 @@ function Get-M365DSCAzureADAppPermissions if ($null -eq $role) { $ObjectGuid = [System.Guid]::empty - if ([System.Guid]::TryParse($resourceAccess.Id,[System.Management.Automation.PSReference]$ObjectGuid)) + if ([System.Guid]::TryParse($resourceAccess.Id, [System.Management.Automation.PSReference]$ObjectGuid)) { $roleValue = $resourceAccess.Id } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 index ee160a0fba..759be2e842 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 @@ -13,7 +13,7 @@ function Get-TargetResource $Description, [Parameter()] - [ValidateRange(1,500)] + [ValidateRange(1, 500)] [System.Int32] $MaxAttributesPerSet = $null, @@ -74,8 +74,8 @@ function Get-TargetResource $getValue = $null $getValue = Get-MgBetaDirectoryAttributeSet ` - -AttributeSetId $Id ` - -ErrorAction SilentlyContinue + -AttributeSetId $Id ` + -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -126,7 +126,7 @@ function Set-TargetResource $Description, [Parameter()] - [ValidateRange(1,500)] + [ValidateRange(1, 500)] [System.Int32] $MaxAttributesPerSet = $null, @@ -208,7 +208,7 @@ function Test-TargetResource $Description, [Parameter()] - [ValidateRange(1,500)] + [ValidateRange(1, 500)] [System.Int32] $MaxAttributesPerSet = $null, @@ -381,7 +381,7 @@ function Export-TargetResource } catch { - if ($_.ErrorDetails.Message -like "*Insufficient privileges*") + if ($_.ErrorDetails.Message -like '*Insufficient privileges*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) Insufficient permissions or license to export Attribute Sets." } @@ -389,10 +389,10 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX New-M365DSCLogEntry -Message 'Error during Export:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential } return '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/settings.json index 227706211e..e43f48ff9b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/settings.json @@ -12,10 +12,8 @@ "permissions": { "graph": { "delegated": { - "read": [ - ], - "update": [ - ] + "read": [], + "update": [] }, "application": { "read": [ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 index 3044c0388e..d889676bfd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/MSFT_AADAuthenticationContextClassReference.psm1 @@ -79,8 +79,8 @@ function Get-TargetResource $getValue = $null $getValue = Get-MgBetaIdentityConditionalAccessAuthenticationContextClassReference ` - -AuthenticationContextClassReferenceId $Id ` - -ErrorAction SilentlyContinue + -AuthenticationContextClassReferenceId $Id ` + -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -370,7 +370,7 @@ function Export-TargetResource $Global:M365DSCExportResourceInstancesCount++ } - $displayedKey = $config.Id + " - " + $config.DisplayName + $displayedKey = $config.Id + ' - ' + $config.DisplayName Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/settings.json index 60045eb8e5..0e333901c3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationContextClassReference/settings.json @@ -12,10 +12,8 @@ "permissions": { "graph": { "delegated": { - "read": [ - ], - "update": [ - ] + "read": [], + "update": [] }, "application": { "read": [ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationFlowPolicy/MSFT_AADAuthenticationFlowPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationFlowPolicy/MSFT_AADAuthenticationFlowPolicy.psm1 index d9ff57506c..e6587bf8fc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationFlowPolicy/MSFT_AADAuthenticationFlowPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationFlowPolicy/MSFT_AADAuthenticationFlowPolicy.psm1 @@ -338,14 +338,14 @@ function Export-TargetResource } $Params = @{ - IsSingleInstance = 'Yes' - Credential = $Credential - ApplicationId = $ApplicationId - ApplicationSecret = $ApplicationSecret - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + IsSingleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + ApplicationSecret = $ApplicationSecret + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 index f67f0d12f3..be5b8e6c1a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 @@ -14,7 +14,7 @@ function Get-TargetResource $DisplayName, [Parameter()] - [ValidateSet('preMigration','migrationInProgress','migrationComplete','unknownFutureValue')] + [ValidateSet('preMigration', 'migrationInProgress', 'migrationComplete', 'unknownFutureValue')] [System.String] $PolicyMigrationState, @@ -114,8 +114,8 @@ function Get-TargetResource -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` $_.DisplayName -eq "$($DisplayName)" ` - -and $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.AuthenticationMethodsPolicy" ` - } + -and $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.AuthenticationMethodsPolicy' ` + } } } #endregion @@ -139,12 +139,12 @@ function Get-TargetResource { $myExcludeTargets.Add('TargetType', $currentExcludeTargets.targetType.toString()) } - if ($myExcludeTargets.values.Where({$null -ne $_}).count -gt 0) + if ($myExcludeTargets.values.Where({ $null -ne $_ }).count -gt 0) { $complexExcludeTargets += $myExcludeTargets } } - $complexAuthenticationMethodsRegistrationCampaign.Add('ExcludeTargets',$complexExcludeTargets) + $complexAuthenticationMethodsRegistrationCampaign.Add('ExcludeTargets', $complexExcludeTargets) $complexIncludeTargets = @() foreach ($currentIncludeTargets in $getValue.registrationEnforcement.authenticationMethodsRegistrationCampaign.includeTargets) { @@ -155,23 +155,23 @@ function Get-TargetResource { $myIncludeTargets.Add('TargetType', $currentIncludeTargets.targetType.toString()) } - if ($myIncludeTargets.values.Where({$null -ne $_}).count -gt 0) + if ($myIncludeTargets.values.Where({ $null -ne $_ }).count -gt 0) { $complexIncludeTargets += $myIncludeTargets } } - $complexAuthenticationMethodsRegistrationCampaign.Add('IncludeTargets',$complexIncludeTargets) + $complexAuthenticationMethodsRegistrationCampaign.Add('IncludeTargets', $complexIncludeTargets) $complexAuthenticationMethodsRegistrationCampaign.Add('SnoozeDurationInDays', $getValue.registrationEnforcement.authenticationMethodsRegistrationCampaign.snoozeDurationInDays) if ($null -ne $getValue.registrationEnforcement.authenticationMethodsRegistrationCampaign.state) { $complexAuthenticationMethodsRegistrationCampaign.Add('State', $getValue.registrationEnforcement.authenticationMethodsRegistrationCampaign.state.toString()) } - if ($complexAuthenticationMethodsRegistrationCampaign.values.Where({$null -ne $_}).count -eq 0) + if ($complexAuthenticationMethodsRegistrationCampaign.values.Where({ $null -ne $_ }).count -eq 0) { $complexAuthenticationMethodsRegistrationCampaign = $null } - $complexRegistrationEnforcement.Add('AuthenticationMethodsRegistrationCampaign',$complexAuthenticationMethodsRegistrationCampaign) - if ($complexRegistrationEnforcement.values.Where({$null -ne $_}).count -eq 0) + $complexRegistrationEnforcement.Add('AuthenticationMethodsRegistrationCampaign', $complexAuthenticationMethodsRegistrationCampaign) + if ($complexRegistrationEnforcement.values.Where({ $null -ne $_ }).count -eq 0) { $complexRegistrationEnforcement = $null } @@ -183,17 +183,17 @@ function Get-TargetResource { $newComplexIncludeTarget.Add('TargetType', $getValue.ReportSuspiciousActivitySettings.IncludeTarget.targetType.toString()) } - $complexReportSuspiciousActivitySettings.Add('IncludeTarget',$newComplexIncludeTarget) + $complexReportSuspiciousActivitySettings.Add('IncludeTarget', $newComplexIncludeTarget) if ($null -ne $getValue.ReportSuspiciousActivitySettings.state) { $complexReportSuspiciousActivitySettings.Add('State', $getValue.ReportSuspiciousActivitySettings.state.toString()) } - if($null -ne $getValue.ReportSuspiciousActivitySettings.VoiceReportingCode) + if ($null -ne $getValue.ReportSuspiciousActivitySettings.VoiceReportingCode) { $complexReportSuspiciousActivitySettings.Add('VoiceReportingCode', $getValue.ReportSuspiciousActivitySettings.VoiceReportingCode) } - if ($complexReportSuspiciousActivitySettings.values.Where({$null -ne $_}).count -eq 0) + if ($complexReportSuspiciousActivitySettings.values.Where({ $null -ne $_ }).count -eq 0) { $complexReportSuspiciousActivitySettings = $null } @@ -208,12 +208,12 @@ function Get-TargetResource { $myExcludeTargets.Add('TargetType', $currentExcludeTargets.targetType.toString()) } - if ($myExcludeTargets.values.Where({$null -ne $_}).count -gt 0) + if ($myExcludeTargets.values.Where({ $null -ne $_ }).count -gt 0) { $complexExcludeTargets += $myExcludeTargets } } - $complexSystemCredentialPreferences.Add('ExcludeTargets',$complexExcludeTargets) + $complexSystemCredentialPreferences.Add('ExcludeTargets', $complexExcludeTargets) $complexIncludeTargets = @() foreach ($currentIncludeTargets in $getValue.SystemCredentialPreferences.includeTargets) { @@ -223,17 +223,17 @@ function Get-TargetResource { $myIncludeTargets.Add('TargetType', $currentIncludeTargets.targetType.toString()) } - if ($myIncludeTargets.values.Where({$null -ne $_}).count -gt 0) + if ($myIncludeTargets.values.Where({ $null -ne $_ }).count -gt 0) { $complexIncludeTargets += $myIncludeTargets } } - $complexSystemCredentialPreferences.Add('IncludeTargets',$complexIncludeTargets) + $complexSystemCredentialPreferences.Add('IncludeTargets', $complexIncludeTargets) if ($null -ne $getValue.SystemCredentialPreferences.state) { $complexSystemCredentialPreferences.Add('State', $getValue.SystemCredentialPreferences.state.toString()) } - if ($complexSystemCredentialPreferences.values.Where({$null -ne $_}).count -eq 0) + if ($complexSystemCredentialPreferences.values.Where({ $null -ne $_ }).count -eq 0) { $complexSystemCredentialPreferences = $null } @@ -249,23 +249,23 @@ function Get-TargetResource $results = @{ #region resource generator code - Description = $getValue.Description - DisplayName = $getValue.DisplayName - PolicyMigrationState = $enumPolicyMigrationState - PolicyVersion = $getValue.PolicyVersion - ReconfirmationInDays = $getValue.ReconfirmationInDays - RegistrationEnforcement = $complexRegistrationEnforcement + Description = $getValue.Description + DisplayName = $getValue.DisplayName + PolicyMigrationState = $enumPolicyMigrationState + PolicyVersion = $getValue.PolicyVersion + ReconfirmationInDays = $getValue.ReconfirmationInDays + RegistrationEnforcement = $complexRegistrationEnforcement ReportSuspiciousActivitySettings = $complexReportSuspiciousActivitySettings - SystemCredentialPreferences = $complexSystemCredentialPreferences - Id = $getValue.Id - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + SystemCredentialPreferences = $complexSystemCredentialPreferences + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens #endregion } @@ -298,7 +298,7 @@ function Set-TargetResource $DisplayName, [Parameter()] - [ValidateSet('preMigration','migrationInProgress','migrationComplete','unknownFutureValue')] + [ValidateSet('preMigration', 'migrationInProgress', 'migrationComplete', 'unknownFutureValue')] [System.String] $PolicyMigrationState, @@ -379,7 +379,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "Azure AD Authentication Method Policy instance cannot be created" + Write-Verbose -Message 'Azure AD Authentication Method Policy instance cannot be created' } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -399,7 +399,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.AuthenticationMethodsPolicy") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.AuthenticationMethodsPolicy') Write-Verbose -Message "Updating AuthenticationMethodPolicy with: `r`n$(Convert-M365DscHashtableToString -Hashtable $UpdateParameters)" Update-MgBetaPolicyAuthenticationMethodPolicy -BodyParameter $UpdateParameters #endregion @@ -422,7 +422,7 @@ function Test-TargetResource $DisplayName, [Parameter()] - [ValidateSet('preMigration','migrationInProgress','migrationComplete','unknownFutureValue')] + [ValidateSet('preMigration', 'migrationInProgress', 'migrationComplete', 'unknownFutureValue')] [System.String] $PolicyMigrationState, @@ -603,7 +603,7 @@ function Export-TargetResource { #region resource generator code [array]$getValue = Get-MgBetaPolicyAuthenticationMethodPolicy ` - -ErrorAction Stop | Where-Object -FilterScript {$null -ne $_.DisplayName} + -ErrorAction Stop | Where-Object -FilterScript { $null -ne $_.DisplayName } #endregion $i = 1 @@ -631,7 +631,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -649,24 +649,24 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'RegistrationEnforcement' + Name = 'RegistrationEnforcement' CimInstanceName = 'MicrosoftGraphRegistrationEnforcement' - IsRequired = $False + IsRequired = $False } @{ - Name = 'AuthenticationMethodsRegistrationCampaign' + Name = 'AuthenticationMethodsRegistrationCampaign' CimInstanceName = 'MicrosoftGraphAuthenticationMethodsRegistrationCampaign' - IsRequired = $False + IsRequired = $False } @{ - Name = 'ExcludeTargets' + Name = 'ExcludeTargets' CimInstanceName = 'MicrosoftGraphExcludeTarget' - IsRequired = $False + IsRequired = $False } @{ - Name = 'IncludeTargets' + Name = 'IncludeTargets' CimInstanceName = 'MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -688,14 +688,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'ReportSuspiciousActivitySettings' + Name = 'ReportSuspiciousActivitySettings' CimInstanceName = 'MicrosoftGraphReportSuspiciousActivitySettings' - IsRequired = $False + IsRequired = $False } @{ - Name = 'IncludeTarget' + Name = 'IncludeTarget' CimInstanceName = 'AADAuthenticationMethodPolicyIncludeTarget' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -718,19 +718,19 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'SystemCredentialPreferences' + Name = 'SystemCredentialPreferences' CimInstanceName = 'MicrosoftGraphSystemCredentialPreferences' - IsRequired = $False + IsRequired = $False } @{ - Name = 'ExcludeTargets' + Name = 'ExcludeTargets' CimInstanceName = 'AADAuthenticationMethodPolicyExcludeTarget' - IsRequired = $False + IsRequired = $False } @{ - Name = 'IncludeTargets' + Name = 'IncludeTargets' CimInstanceName = 'AADAuthenticationMethodPolicyIncludeTarget' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -755,16 +755,16 @@ function Export-TargetResource -Credential $Credential if ($Results.RegistrationEnforcement) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "RegistrationEnforcement" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'RegistrationEnforcement' -IsCIMArray:$False } if ($Results.SystemCredentialPreferences) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "SystemCredentialPreferences" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'SystemCredentialPreferences' -IsCIMArray:$False } if ($Results.ReportSuspiciousActivitySettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ReportSuspiciousActivitySettings" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ReportSuspiciousActivitySettings' -IsCIMArray:$False } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 index 121463a947..f65651139d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 @@ -103,7 +103,7 @@ function Get-TargetResource #region resource generator code $complexFeatureSettings = @{} - Write-Verbose "Processing FeatureSettings > companionAppAllowedState > excludeTarget" + Write-Verbose 'Processing FeatureSettings > companionAppAllowedState > excludeTarget' $complexCompanionAppAllowedState = @{} $complexExcludeTarget = @{} if ($getValue.additionalProperties.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') @@ -146,7 +146,7 @@ function Get-TargetResource } $complexCompanionAppAllowedState.Add('ExcludeTarget', $complexExcludeTarget) - Write-Verbose "Processing FeatureSettings > companionAppAllowedState > includeTarget" + Write-Verbose 'Processing FeatureSettings > companionAppAllowedState > includeTarget' $complexIncludeTarget = @{} if ($getValue.additionalProperties.featureSettings.companionAppAllowedState.includeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') { @@ -188,7 +188,7 @@ function Get-TargetResource } $complexCompanionAppAllowedState.Add('IncludeTarget', $complexIncludeTarget) - Write-Verbose "Processing FeatureSettings > companionAppAllowedState > state" + Write-Verbose 'Processing FeatureSettings > companionAppAllowedState > state' if ($null -ne $getValue.additionalProperties.featureSettings.companionAppAllowedState.state) { $complexCompanionAppAllowedState.Add('State', $getValue.additionalProperties.featureSettings.companionAppAllowedState.state.toString()) @@ -202,7 +202,7 @@ function Get-TargetResource $complexFeatureSettings.Add('CompanionAppAllowedState', $complexCompanionAppAllowedState) $complexDisplayAppInformationRequiredState = @{} - Write-Verbose "Processing FeatureSettings > displayAppInformationRequiredState > excludeTarget" + Write-Verbose 'Processing FeatureSettings > displayAppInformationRequiredState > excludeTarget' $complexExcludeTarget = @{} if ($getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') { @@ -243,7 +243,7 @@ function Get-TargetResource } $complexDisplayAppInformationRequiredState.Add('ExcludeTarget', $complexExcludeTarget) - Write-Verbose "Processing FeatureSettings > displayAppInformationRequiredState > includeTarget" + Write-Verbose 'Processing FeatureSettings > displayAppInformationRequiredState > includeTarget' $complexIncludeTarget = @{} if ($getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') { @@ -285,7 +285,7 @@ function Get-TargetResource } $complexDisplayAppInformationRequiredState.Add('IncludeTarget', $complexIncludeTarget) - Write-Verbose "Processing FeatureSettings > displayAppInformationRequiredState > state" + Write-Verbose 'Processing FeatureSettings > displayAppInformationRequiredState > state' if ($null -ne $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.state) { $complexDisplayAppInformationRequiredState.Add('State', $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.state.toString()) @@ -298,7 +298,7 @@ function Get-TargetResource $complexFeatureSettings.Add('DisplayAppInformationRequiredState', $complexDisplayAppInformationRequiredState) - Write-Verbose "Processing FeatureSettings > displayLocationInformationRequiredState > excludeTarget" + Write-Verbose 'Processing FeatureSettings > displayLocationInformationRequiredState > excludeTarget' $complexDisplayLocationInformationRequiredState = @{} $complexExcludeTarget = @{} if ($getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') @@ -342,7 +342,7 @@ function Get-TargetResource $complexDisplayLocationInformationRequiredState.Add('ExcludeTarget', $complexExcludeTarget) - Write-Verbose "Processing FeatureSettings > displayLocationInformationRequiredState > includeTarget" + Write-Verbose 'Processing FeatureSettings > displayLocationInformationRequiredState > includeTarget' $complexIncludeTarget = @{} if ($getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') { @@ -385,7 +385,7 @@ function Get-TargetResource $complexDisplayLocationInformationRequiredState.Add('IncludeTarget', $complexIncludeTarget) - Write-Verbose "Processing FeatureSettings > displayLocationInformationRequiredState > state" + Write-Verbose 'Processing FeatureSettings > displayLocationInformationRequiredState > state' if ($null -ne $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.state) { $complexDisplayLocationInformationRequiredState.Add('State', $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.state.toString()) @@ -592,64 +592,64 @@ function Set-TargetResource # replace group Displayname with group id if ($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -and ` - $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('companionAppAllowedState')) { Write-Verbose -Message 'Retrieving companionAppAllowedState include target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() - $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.foreach('id',$groupid) + $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.foreach('id', $groupid) } if ($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -and ` - $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('companionAppAllowedState')) { Write-Verbose -Message 'Retrieving companionAppAllowedState include target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() - $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.foreach('id',$groupid) + $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.foreach('id', $groupid) } if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -and ` - $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState')) { Write-Verbose -Message 'Retrieving displayAppInformationRequiredState include target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() - $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.foreach('id',$groupid) + $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.foreach('id', $groupid) } if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -and ` - $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState')) { Write-Verbose -Message 'Retrieving displayAppInformationRequiredState exclude target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() - $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.foreach('id',$groupid) + $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.foreach('id', $groupid) } if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -and ` - $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState')) { Write-Verbose -Message 'Retrieving displayLocationInformationRequiredState include target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() - $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.foreach('id',$groupid) + $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.foreach('id', $groupid) } if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -and ` - $UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState')) { Write-Verbose -Message 'Retrieving displayLocationInformationRequiredState exclude target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() - $UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.foreach('id',$groupid) + $UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.foreach('id', $groupid) } # DEPRECATED if ($UpdateParameters.featureSettings.ContainsKey('NumberMatchingRequiredState')) { - Write-Verbose -Message "The NumberMatchingRequiredState feature is deprecated and will be ignored. Please remove it from your configuration." + Write-Verbose -Message 'The NumberMatchingRequiredState feature is deprecated and will be ignored. Please remove it from your configuration.' $UpdateParameters.featureSettings.Remove('NumberMatchingRequiredState') } @@ -885,7 +885,7 @@ function Export-TargetResource #region resource generator code [array]$getValue = Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration ` -AuthenticationMethodConfigurationId MicrosoftAuthenticator ` - -ErrorAction Stop | Where-Object -FilterScript {$null -ne $_.Id} + -ErrorAction Stop | Where-Object -FilterScript { $null -ne $_.Id } #endregion $i = 1 @@ -1028,7 +1028,7 @@ function Export-TargetResource $currentDSCBlock = Remove-M365DSCCimInstanceTrailingCharacterFromExport -DSCBlock $currentDSCBlock # FIX #3645 - $currentDSCBlock = $currentDSCBlock.Replace("} State = 'default'`r`n","}`r`n State = 'default'`r`n") + $currentDSCBlock = $currentDSCBlock.Replace("} State = 'default'`r`n", "}`r`n State = 'default'`r`n") $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyEmail/MSFT_AADAuthenticationMethodPolicyEmail.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyEmail/MSFT_AADAuthenticationMethodPolicyEmail.psm1 index 120f294f03..a7007111ec 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyEmail/MSFT_AADAuthenticationMethodPolicyEmail.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyEmail/MSFT_AADAuthenticationMethodPolicyEmail.psm1 @@ -320,7 +320,7 @@ function Set-TargetResource } if ($key -eq 'IncludeTargets') { - Write-Verbose -Message "Processing IncludeTargets" + Write-Verbose -Message 'Processing IncludeTargets' $i = 0 foreach ($entry in $UpdateParameters.$key) { @@ -334,7 +334,7 @@ function Set-TargetResource } if ($key -eq 'ExcludeTargets') { - Write-Verbose -Message "Processing ExcludeTargets" + Write-Verbose -Message 'Processing ExcludeTargets' $i = 0 foreach ($entry in $UpdateParameters.$key) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.psm1 index 66066badf9..71598a41d3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.psm1 @@ -105,7 +105,7 @@ function Get-TargetResource Write-Verbose -Message "An Azure AD Authentication Method Policy Fido2 with Id {$Id} was found." #region resource generator code - Write-Verbose "Processing KeyRestrictions" + Write-Verbose 'Processing KeyRestrictions' $complexKeyRestrictions = @{} $complexKeyRestrictions.Add('AaGuids', $getValue.AdditionalProperties.keyRestrictions.aaGuids) if ($null -ne $getValue.AdditionalProperties.keyRestrictions.enforcementType) @@ -118,7 +118,7 @@ function Get-TargetResource $complexKeyRestrictions = $null } - Write-Verbose "Processing ExcludeTargets" + Write-Verbose 'Processing ExcludeTargets' $complexExcludeTargets = @() foreach ($currentExcludeTargets in $getValue.excludeTargets) { @@ -158,7 +158,7 @@ function Get-TargetResource } #endregion - Write-Verbose "Processing IncludeTargets" + Write-Verbose 'Processing IncludeTargets' $complexIncludeTargets = @() foreach ($currentIncludeTargets in $getValue.AdditionalProperties.includeTargets) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySms/MSFT_AADAuthenticationMethodPolicySms.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySms/MSFT_AADAuthenticationMethodPolicySms.psm1 index f0cc33f024..89aa38ef21 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySms/MSFT_AADAuthenticationMethodPolicySms.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySms/MSFT_AADAuthenticationMethodPolicySms.psm1 @@ -93,7 +93,7 @@ function Get-TargetResource Write-Verbose -Message "An Azure AD Authentication Method Policy Sms with Id {$Id} was found." #region resource generator code - Write-Verbose -Message "Processing ExcludeTargets" + Write-Verbose -Message 'Processing ExcludeTargets' $complexExcludeTargets = @() foreach ($currentExcludeTargets in $getValue.excludeTargets) { @@ -133,7 +133,7 @@ function Get-TargetResource } #endregion - Write-Verbose -Message "Processing IncludeTargets" + Write-Verbose -Message 'Processing IncludeTargets' $complexincludeTargets = @() foreach ($currentincludeTargets in $getValue.AdditionalProperties.includeTargets) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySms/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySms/settings.json index d76dc8bbff..324bba1b9c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySms/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySms/settings.json @@ -1,6 +1,7 @@ { "resourceName": "AADAuthenticationMethodPolicySms", - "description": "This resource configures an Azure AD Authentication Method Policy Sms.","roles": { + "description": "This resource configures an Azure AD Authentication Method Policy Sms.", + "roles": { "read": [ "Security Reader" ], diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySoftware/MSFT_AADAuthenticationMethodPolicySoftware.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySoftware/MSFT_AADAuthenticationMethodPolicySoftware.psm1 index 5d5ab861f5..b881b56147 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySoftware/MSFT_AADAuthenticationMethodPolicySoftware.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySoftware/MSFT_AADAuthenticationMethodPolicySoftware.psm1 @@ -93,7 +93,7 @@ function Get-TargetResource Write-Verbose -Message "An Azure AD Authentication Method Policy Software with Id {$Id} was found." #region resource generator code - Write-Verbose -Message "Processing ExcludeTargets" + Write-Verbose -Message 'Processing ExcludeTargets' $complexExcludeTargets = @() foreach ($currentExcludeTargets in $getValue.excludeTargets) { @@ -133,7 +133,7 @@ function Get-TargetResource } #endregion - Write-Verbose -Message "Processing IncludeTargets" + Write-Verbose -Message 'Processing IncludeTargets' $complexincludeTargets = @() foreach ($currentincludeTargets in $getValue.AdditionalProperties.includeTargets) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1 index afbb27114f..db3c3228fd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1 @@ -113,7 +113,7 @@ function Get-TargetResource Write-Verbose -Message "An Azure AD Authentication Method Policy Temporary with Id {$($currentExcludeTargets.id))} was found." #region resource generator code - Write-Verbose -Message "Processing ExcludeTargets" + Write-Verbose -Message 'Processing ExcludeTargets' $complexExcludeTargets = @() foreach ($currentExcludeTargets in $getValue.excludeTargets) { @@ -154,7 +154,7 @@ function Get-TargetResource } #endregion - Write-Verbose -Message "Processing IncludeTargets" + Write-Verbose -Message 'Processing IncludeTargets' $complexincludeTargets = @() foreach ($currentincludeTargets in $getValue.AdditionalProperties.includeTargets) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyVoice/MSFT_AADAuthenticationMethodPolicyVoice.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyVoice/MSFT_AADAuthenticationMethodPolicyVoice.psm1 index c74b6b96e1..7112443f8d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyVoice/MSFT_AADAuthenticationMethodPolicyVoice.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyVoice/MSFT_AADAuthenticationMethodPolicyVoice.psm1 @@ -97,7 +97,7 @@ function Get-TargetResource Write-Verbose -Message "An Azure AD Authentication Method Policy Voice with Id {$Id} was found." #region resource generator code - Write-Verbose -Message "Processing ExcludeTargets" + Write-Verbose -Message 'Processing ExcludeTargets' $complexExcludeTargets = @() foreach ($currentExcludeTargets in $getValue.excludeTargets) { @@ -137,7 +137,7 @@ function Get-TargetResource } #endregion - Write-Verbose -Message "Processing IncludeTargets" + Write-Verbose -Message 'Processing IncludeTargets' $complexincludeTargets = @() foreach ($currentincludeTargets in $getValue.AdditionalProperties.includeTargets) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 index d78d5bfbf1..a858c0fc4d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 @@ -161,13 +161,13 @@ function Set-TargetResource if ($PerUserMfaState -eq 'enabled' -and $currentInstance.PerUserMfaState -eq 'disabled') { $params = @{ - "perUserMfaState" = "enabled" + 'perUserMfaState' = 'enabled' } } elseif ($PerUserMfaState -eq 'disabled' -and $currentInstance.PerUserMfaState -eq 'enabled') { $params = @{ - "perUserMfaState" = "disabled" + 'perUserMfaState' = 'disabled' } } @@ -310,7 +310,7 @@ function Export-TargetResource try { - [array]$getValue = Get-MgUser -ErrorAction Stop | Where-Object -FilterScript {$null -ne $_.Id} + [array]$getValue = Get-MgUser -ErrorAction Stop | Where-Object -FilterScript { $null -ne $_.Id } $i = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/settings.json index e56d74c0d4..09b1b4aab0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/settings.json @@ -8,28 +8,24 @@ "permissions": { "graph": { "delegated": { - "read": - [ + "read": [ { "name": "UserAuthenticationMethod.Read.All" } ], - "update": - [ + "update": [ { "name": "UserAuthenticationMethod.ReadWrite.All" } ] }, "application": { - "read": - [ + "read": [ { "name": "UserAuthenticationMethod.Read.All" } ], - "update": - [ + "update": [ { "name": "UserAuthenticationMethod.ReadWrite.All" } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationStrengthPolicy/MSFT_AADAuthenticationStrengthPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationStrengthPolicy/MSFT_AADAuthenticationStrengthPolicy.psm1 index 2f47cae8a5..63e999016f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationStrengthPolicy/MSFT_AADAuthenticationStrengthPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationStrengthPolicy/MSFT_AADAuthenticationStrengthPolicy.psm1 @@ -84,7 +84,7 @@ function Get-TargetResource if ($null -eq $getValue) { - $getValue = Get-MgBetaPolicyAuthenticationStrengthPolicy | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} -ErrorAction SilentlyContinue + $getValue = Get-MgBetaPolicyAuthenticationStrengthPolicy | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } -ErrorAction SilentlyContinue } if ($null -eq $getValue) @@ -196,16 +196,16 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating new Azure AD AuthenticationStrengthPolicy {$DisplayName}" - $BoundParameters.Remove("Id") | Out-Null + $BoundParameters.Remove('Id') | Out-Null New-MgBetaPolicyAuthenticationStrengthPolicy @BoundParameters } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Azure AD Authentication Strength Policy with DisplayName {$DisplayName}" - $BoundParameters.Add("AuthenticationStrengthPolicyId", $currentInstance.Id) - $BoundParameters.Remove("Id") | Out-Null + $BoundParameters.Add('AuthenticationStrengthPolicyId', $currentInstance.Id) + $BoundParameters.Remove('Id') | Out-Null $combinations = $BoundParameters.AllowedCombinations - $BoundParameters.Remove("AllowedCombinations") | Out-Null + $BoundParameters.Remove('AllowedCombinations') | Out-Null Update-MgBetaPolicyAuthenticationStrengthPolicy @BoundParameters Write-Verbose -Message "Updating the Azure AD Authentication Strength Policy allowed combination with DisplayName {$DisplayName}" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADClaimsMappingPolicy/MSFT_AADClaimsMappingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADClaimsMappingPolicy/MSFT_AADClaimsMappingPolicy.psm1 index 20974fa4ca..e5fb928b35 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADClaimsMappingPolicy/MSFT_AADClaimsMappingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADClaimsMappingPolicy/MSFT_AADClaimsMappingPolicy.psm1 @@ -83,7 +83,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaPolicyClaimMappingPolicy -ClaimsMappingPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaPolicyClaimMappingPolicy -ClaimsMappingPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -93,10 +93,7 @@ function Get-TargetResource { $getValue = Get-MgBetaPolicyClaimMappingPolicy ` -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.ClaimsMappingPolicy" - } + -ErrorAction SilentlyContinue } } #endregion @@ -109,15 +106,15 @@ function Get-TargetResource Write-Verbose -Message "An Azure AD Claims Mapping Policy with Id {$Id} and DisplayName {$DisplayName} was found" $complexDefinition = @() - foreach($getDefinitionJson in $getValue.Definition) + foreach ($getDefinitionJson in $getValue.Definition) { $getDefinition = ($getDefinitionJson | ConvertFrom-Json) $ClaimsSchema = @() foreach ($claimschema in $getDefinition.ClaimsMappingPolicy.ClaimsSchema) { $ClaimsSchema += @{ - Source = $claimschema.Source - Id = $claimschema.Id + Source = $claimschema.Source + Id = $claimschema.Id SamlClaimType = $claimschema.SamlClaimType } } @@ -129,8 +126,8 @@ function Get-TargetResource foreach ($inputparam in $claimtransformation.InputParameters) { $inputparams += @{ - Value = $inputparam.Value - Id = $inputparam.Id + Value = $inputparam.Value + Id = $inputparam.Id DataType = $inputparam.DataType } } @@ -139,23 +136,23 @@ function Get-TargetResource foreach ($outclaim in $claimtransformation.OutputClaims) { $outputClaimsObj += @{ - ClaimTypeReferenceId = $outclaim.ClaimTypeReferenceId + ClaimTypeReferenceId = $outclaim.ClaimTypeReferenceId TransformationClaimType = $outclaim.TransformationClaimType } } $ClaimsTransformation += @{ - Id = $claimtransformation.Id + Id = $claimtransformation.Id TransformationMethod = $claimtransformation.TransformationMethod - InputParameters = $inputparams - OutputClaims = $outputClaimsObj + InputParameters = $inputparams + OutputClaims = $outputClaimsObj } } $complexDefinition += @{ ClaimsMappingPolicy = @{ - Version = $getDefinition.ClaimsMappingPolicy.Version + Version = $getDefinition.ClaimsMappingPolicy.Version IncludeBasicClaimSet = [bool]$getDefinition.ClaimsMappingPolicy.IncludeBasicClaimSet - ClaimsSchema = $ClaimsSchema + ClaimsSchema = $ClaimsSchema ClaimsTransformation = $ClaimsTransformation } } @@ -540,16 +537,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -560,29 +557,29 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'ClaimsMappingPolicy' + Name = 'ClaimsMappingPolicy' CimInstanceName = 'MSFT_AADClaimsMappingPolicyDefinitionMappingPolicy' - IsRequired = $False + IsRequired = $False }, @{ - Name = 'ClaimsSchema' + Name = 'ClaimsSchema' CimInstanceName = 'AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema' - IsRequired = $False + IsRequired = $False }, @{ - Name = 'ClaimsTransformation' + Name = 'ClaimsTransformation' CimInstanceName = 'AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformation' - IsRequired = $False + IsRequired = $False }, @{ - Name = 'InputParameters' + Name = 'InputParameters' CimInstanceName = 'AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationInputParameter' - IsRequired = $False + IsRequired = $False }, @{ - Name = 'OutputClaims' + Name = 'OutputClaims' CimInstanceName = 'AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationOutputClaims' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADClaimsMappingPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADClaimsMappingPolicy/settings.json index 65ae94f99c..10d0e1b741 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADClaimsMappingPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADClaimsMappingPolicy/settings.json @@ -1,33 +1,32 @@ { "resourceName": "AADClaimsMappingPolicy", "description": "This resource configures an Azure AD Claims Mapping Policy.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Policy.Read.All" - } - ], - "update": [ - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ] - }, - "application": { - "read": [ - { - "name": "Policy.Read.All" - } - ], - "update": [ - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Policy.Read.All" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + }, + "application": { + "read": [ + { + "name": "Policy.Read.All" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index af09ab623d..d7e0d55a4e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -1436,7 +1436,8 @@ function Set-TargetResource Write-Verbose -Message 'Set-Targetresource: process includeServicePrincipals' if ($currentParameters.ContainsKey('IncludeServicePrincipals')) { - if (-not $conditions.ContainsKey('clientApplications')) { + if (-not $conditions.ContainsKey('clientApplications')) + { $conditions.Add('clientApplications', @{}) } $conditions.clientApplications.Add('includeServicePrincipals', $IncludeServicePrincipals) @@ -1445,7 +1446,8 @@ function Set-TargetResource Write-Verbose -Message 'Set-Targetresource: process excludeServicePrincipals' if ($currentParameters.ContainsKey('ExcludeServicePrincipals')) { - if (-not $conditions.ContainsKey('clientApplications')) { + if (-not $conditions.ContainsKey('clientApplications')) + { $conditions.Add('clientApplications', @{}) } $conditions.clientApplications.Add('excludeServicePrincipals', $ExcludeServicePrincipals) @@ -1455,18 +1457,21 @@ function Set-TargetResource if ($currentParameters.ContainsKey('ServicePrincipalFilterMode') -and $currentParameters.ContainsKey('ServicePrincipalFilterRule')) { #check if the custom attribute exist. - $customattribute = Invoke-MgGraphRequest -Method GET -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directory/customSecurityAttributeDefinitions") - $ServicePrincipalFilterRule -match "CustomSecurityAttribute.(?.*) -.*" + $customattribute = Invoke-MgGraphRequest -Method GET -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/directory/customSecurityAttributeDefinitions') + $ServicePrincipalFilterRule -match 'CustomSecurityAttribute.(?.*) -.*' $attrinrule = $matches.attribute - if ($customattribute.value.id -contains $attrinrule){ - if (-not $conditions.ContainsKey('clientApplications')) { + if ($customattribute.value.id -contains $attrinrule) + { + if (-not $conditions.ContainsKey('clientApplications')) + { $conditions.Add('clientApplications', @{}) } $conditions.clientApplications.Add('servicePrincipalFilter', @{}) $conditions.clientApplications.servicePrincipalFilter.Add('mode', $ServicePrincipalFilterMode) $conditions.clientApplications.servicePrincipalFilter.Add('rule', $ServicePrincipalFilterRule) } - else{ + else + { $message = "Couldn't find the custom attribute $attrinrule in the tenant, couldn't add the filter to policy $DisplayName" Write-Verbose -Message $message New-M365DSCLogEntry -Message $message ` @@ -1634,7 +1639,7 @@ function Set-TargetResource if ([String]::IsNullOrEmpty($InsiderRiskLevels) -eq $false) { - $conditions.Add("insiderRiskLevels", $InsiderRiskLevels) + $conditions.Add('insiderRiskLevels', $InsiderRiskLevels) } Write-Verbose -Message 'Set-Targetresource: process risk levels and app types' @@ -1836,7 +1841,7 @@ function Set-TargetResource { try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/conditionalAccess/policies" + $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identity/conditionalAccess/policies' Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $NewParameters } catch @@ -2164,7 +2169,7 @@ function Test-TargetResource else { Write-Verbose -Message "TransferMethods are not equal: [$TransferMethods] - [$($CurrentValues.TransferMethods)]" - $TestResult = $false + $TestResult = $false } if ($TestResult) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/MSFT_AADConnectorGroupApplicationProxy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/MSFT_AADConnectorGroupApplicationProxy.psm1 index d77e4aa571..a798d8cbaa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/MSFT_AADConnectorGroupApplicationProxy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/MSFT_AADConnectorGroupApplicationProxy.psm1 @@ -9,7 +9,7 @@ function Get-TargetResource $Name, [Parameter()] - [ValidateSet('nam','eur','aus','asia','ind','unknownFutureValue')] + [ValidateSet('nam', 'eur', 'aus', 'asia', 'ind', 'unknownFutureValue')] [System.String] $Region, @@ -77,7 +77,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $getValue = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $getValue = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } else { @@ -92,7 +92,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $getValue = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $getValue = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } else { @@ -156,7 +156,7 @@ function Set-TargetResource $Name, [Parameter()] - [ValidateSet('nam','eur','aus','asia','ind','unknownFutureValue')] + [ValidateSet('nam', 'eur', 'aus', 'asia', 'ind', 'unknownFutureValue')] [System.String] $Region, @@ -213,7 +213,7 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - $OnPremisesPublishingProfileId = "applicationProxy" + $OnPremisesPublishingProfileId = 'applicationProxy' if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { @@ -265,7 +265,7 @@ function Test-TargetResource $Name, [Parameter()] - [ValidateSet('nam','eur','aus','asia','ind','unknownFutureValue')] + [ValidateSet('nam', 'eur', 'aus', 'asia', 'ind', 'unknownFutureValue')] [System.String] $Region, @@ -428,8 +428,8 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - Name = $config.Name + Id = $config.Id + Name = $config.Name Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/settings.json index aa6b7ca3b9..f6d7c7de75 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConnectorGroupApplicationProxy/settings.json @@ -30,4 +30,3 @@ } } } - diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicy/MSFT_AADCrossTenantAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicy/MSFT_AADCrossTenantAccessPolicy.psm1 index 6cf95e4059..6722945bfb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicy/MSFT_AADCrossTenantAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicy/MSFT_AADCrossTenantAccessPolicy.psm1 @@ -177,25 +177,25 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "Azure AD Cross Tenant Access Policy instance cannot be created" + Write-Verbose -Message 'Azure AD Cross Tenant Access Policy instance cannot be created' } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Updating the Azure AD Cross Tenant Access Policy" + Write-Verbose -Message 'Updating the Azure AD Cross Tenant Access Policy' $UpdateParams = @{} if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - $UpdateParams.Add("DisplayName", $DisplayName) + $UpdateParams.Add('DisplayName', $DisplayName) } if ($null -ne $AllowedCloudEndpoints) { - $UpdateParams.Add("AllowedCloudEndpoints", $AllowedCloudEndpoints) + $UpdateParams.Add('AllowedCloudEndpoints', $AllowedCloudEndpoints) } Update-MgBetaPolicyCrossTenantAccessPolicy -BodyParameter $UpdateParams } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Azure AD Cross Tenant Access Policies cannot be removed." + Write-Verbose -Message 'Azure AD Cross Tenant Access Policies cannot be removed.' } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationDefault/MSFT_AADCrossTenantAccessPolicyConfigurationDefault.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationDefault/MSFT_AADCrossTenantAccessPolicyConfigurationDefault.psm1 index bdcbf0e75a..161a160feb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationDefault/MSFT_AADCrossTenantAccessPolicyConfigurationDefault.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationDefault/MSFT_AADCrossTenantAccessPolicyConfigurationDefault.psm1 @@ -222,14 +222,14 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $OperationParams = ([Hashtable]$PSBoundParameters).Clone() - $OperationParams.Remove("Credential") | Out-Null - $OperationParams.Remove("ManagedIdentity") | Out-Null - $OperationParams.Remove("ApplicationId") | Out-Null - $OperationParams.Remove("TenantId") | Out-Null - $OperationParams.Remove("CertificateThumbprint") | Out-Null - $OperationParams.Remove("ApplicationSecret") | Out-Null - $OperationParams.Remove("Ensure") | Out-Null - $OperationParams.Remove("IsSingleInstance") | Out-Null + $OperationParams.Remove('Credential') | Out-Null + $OperationParams.Remove('ManagedIdentity') | Out-Null + $OperationParams.Remove('ApplicationId') | Out-Null + $OperationParams.Remove('TenantId') | Out-Null + $OperationParams.Remove('CertificateThumbprint') | Out-Null + $OperationParams.Remove('ApplicationSecret') | Out-Null + $OperationParams.Remove('Ensure') | Out-Null + $OperationParams.Remove('IsSingleInstance') | Out-Null $OperationParams.Remove('AccessTokens') | Out-Null if ($null -ne $OperationParams.B2BCollaborationInbound) @@ -259,12 +259,12 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Updating Cross Tenant Access Policy Configuration Default" + Write-Verbose -Message 'Updating Cross Tenant Access Policy Configuration Default' Update-MgBetaPolicyCrossTenantAccessPolicyDefault @OperationParams } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing Cross Tenant Access Policy Configuration Default is not supported" + Write-Verbose -Message 'Removing Cross Tenant Access Policy Configuration Default is not supported' } } @@ -709,7 +709,7 @@ function Get-M365DSCAADCrossTenantAccessPolicyB2BSetting } #endregion $results = @{ - Applications = $applications + Applications = $applications UsersAndGroups = $usersAndGroups } @@ -746,7 +746,7 @@ function Get-M365DSCAADCrossTenantAccessPolicyInboundTrustAsString $StringContent = $null if ($null -ne $Setting.IsCompliantDeviceAccepted -or $null -ne $Setting.IsHybridAzureADJoinedDeviceAccepted -or ` - $null -ne $Setting.IsMfaAccepted) + $null -ne $Setting.IsMfaAccepted) { $StringContent = "MSFT_AADCrossTenantAccessPolicyInboundTrust {`r`n" if ($null -ne $Setting.IsCompliantDeviceAccepted) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationPartner/MSFT_AADCrossTenantAccessPolicyConfigurationPartner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationPartner/MSFT_AADCrossTenantAccessPolicyConfigurationPartner.psm1 index 000ddfa281..ef0bd66662 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationPartner/MSFT_AADCrossTenantAccessPolicyConfigurationPartner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADCrossTenantAccessPolicyConfigurationPartner/MSFT_AADCrossTenantAccessPolicyConfigurationPartner.psm1 @@ -797,7 +797,7 @@ function Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettingsAsStri { $StringContent += " InboundAllowed = `$" + $Setting.InboundAllowed.ToString() + "`r`n" } - if ($null -ne $Setting.OutboundAllowed) + if ($null -ne $Setting.OutboundAllowed) { $StringContent += " OutboundAllowed = `$" + $Setting.OutboundAllowed.ToString() + "`r`n" } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADCustomAuthenticationExtension/MSFT_AADCustomAuthenticationExtension.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADCustomAuthenticationExtension/MSFT_AADCustomAuthenticationExtension.psm1 index 63f67975f9..9139139416 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADCustomAuthenticationExtension/MSFT_AADCustomAuthenticationExtension.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADCustomAuthenticationExtension/MSFT_AADCustomAuthenticationExtension.psm1 @@ -104,7 +104,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters $nullResult.Ensure = 'Absent' - Write-Verbose -Message "Fetching result...." + Write-Verbose -Message 'Fetching result....' try { # check for export. @@ -113,13 +113,13 @@ function Get-TargetResource # check with Id first if (-not [System.String]::IsNullOrEmpty($Id)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } # check with display name next. if ($null -eq $instance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } } else @@ -127,12 +127,12 @@ function Get-TargetResource if (-not [System.String]::IsNullOrEmpty($Id)) { $instance = Get-MgBetaIdentityCustomAuthenticationExtension -CustomAuthenticationExtensionId $Id ` - -ErrorAction SilentlyContinue + -ErrorAction SilentlyContinue } if ($null -eq $instance) { $instance = Get-MgBetaIdentityCustomAuthenticationExtension -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + -ErrorAction SilentlyContinue } } if ($null -eq $instance) @@ -140,7 +140,7 @@ function Get-TargetResource return $nullResult } - Write-Verbose "Instance found for the resource. Calculating result...." + Write-Verbose 'Instance found for the resource. Calculating result....' $results = @{ DisplayName = $instance.DisplayName @@ -151,13 +151,13 @@ function Get-TargetResource if ($instance.AdditionalProperties -ne $null) { - $results.Add('CustomAuthenticationExtensionType', $instance.AdditionalProperties["@odata.type"]) + $results.Add('CustomAuthenticationExtensionType', $instance.AdditionalProperties['@odata.type']) } if ($instance.AuthenticationConfiguration -ne $null) { - $results.Add('AuthenticationConfigurationType', $instance.AuthenticationConfiguration["@odata.type"]) - $results.Add('AuthenticationConfigurationResourceId', $instance.AuthenticationConfiguration["resourceId"]) + $results.Add('AuthenticationConfigurationType', $instance.AuthenticationConfiguration['@odata.type']) + $results.Add('AuthenticationConfigurationResourceId', $instance.AuthenticationConfiguration['resourceId']) } if ($instance.ClientConfiguration -ne $null) @@ -169,25 +169,25 @@ function Get-TargetResource $endpointConfigurationInstance = @{} if ($instance.EndPointConfiguration -ne $null -and $instance.EndPointConfiguration.AdditionalProperties -ne $null) { - $endpointConfigurationInstance.Add("EndpointType", $instance.EndPointConfiguration.AdditionalProperties["@odata.type"]) + $endpointConfigurationInstance.Add('EndpointType', $instance.EndPointConfiguration.AdditionalProperties['@odata.type']) - if ($endpointConfigurationInstance["EndpointType"] -eq '#microsoft.graph.httpRequestEndpoint') + if ($endpointConfigurationInstance['EndpointType'] -eq '#microsoft.graph.httpRequestEndpoint') { - $endpointConfigurationInstance.Add("TargetUrl", $instance.EndPointConfiguration.AdditionalProperties["targetUrl"]) + $endpointConfigurationInstance.Add('TargetUrl', $instance.EndPointConfiguration.AdditionalProperties['targetUrl']) } - if ($endpointConfigurationInstance["EndpointType"] -eq '#microsoft.graph.logicAppTriggerEndpointConfiguration') + if ($endpointConfigurationInstance['EndpointType'] -eq '#microsoft.graph.logicAppTriggerEndpointConfiguration') { - $endpointConfigurationInstance.Add("SubscriptionId", $instance.EndPointConfiguration.AdditionalProperties["subscriptionId"]) - $endpointConfigurationInstance.Add("ResourceGroupName", $instance.EndPointConfiguration.AdditionalProperties["resourceGroupName"]) - $endpointConfigurationInstance.Add("LogicAppWorkflowName", $instance.EndPointConfiguration.AdditionalProperties["logicAppWorkflowName"]) + $endpointConfigurationInstance.Add('SubscriptionId', $instance.EndPointConfiguration.AdditionalProperties['subscriptionId']) + $endpointConfigurationInstance.Add('ResourceGroupName', $instance.EndPointConfiguration.AdditionalProperties['resourceGroupName']) + $endpointConfigurationInstance.Add('LogicAppWorkflowName', $instance.EndPointConfiguration.AdditionalProperties['logicAppWorkflowName']) } } $ClaimsForTokenConfigurationInstance = @() - if ($instance.AdditionalProperties -ne $null -and $instance.AdditionalProperties["claimsForTokenConfiguration"] -ne $null) + if ($instance.AdditionalProperties -ne $null -and $instance.AdditionalProperties['claimsForTokenConfiguration'] -ne $null) { - foreach ($claim in $instance.AdditionalProperties["claimsForTokenConfiguration"]) + foreach ($claim in $instance.AdditionalProperties['claimsForTokenConfiguration']) { $c = @{ ClaimIdInApiResponse = $claim.claimIdInApiResponse @@ -319,52 +319,52 @@ function Set-TargetResource $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters $params = @{ - "@odata.type" = $setParameters.CustomAuthenticationExtensionType - displayName = $setParameters.DisplayName - description = $setParameters.Description - endpointConfiguration = @{ - "@odata.type" = $setParameters.EndPointConfiguration.EndpointType + '@odata.type' = $setParameters.CustomAuthenticationExtensionType + displayName = $setParameters.DisplayName + description = $setParameters.Description + endpointConfiguration = @{ + '@odata.type' = $setParameters.EndPointConfiguration.EndpointType } authenticationConfiguration = @{ - "@odata.type" = $setParameters.AuthenticationConfigurationType - resourceId = $setParameters.AuthenticationConfigurationResourceId + '@odata.type' = $setParameters.AuthenticationConfigurationType + resourceId = $setParameters.AuthenticationConfigurationResourceId } - clientConfiguration = @{ - timeoutInMilliseconds = $setParameters["ClientConfigurationTimeoutMilliseconds"] - maximumRetries = $setParameters["ClientConfigurationMaximumRetries"] + clientConfiguration = @{ + timeoutInMilliseconds = $setParameters['ClientConfigurationTimeoutMilliseconds'] + maximumRetries = $setParameters['ClientConfigurationMaximumRetries'] } } - if ($params.endpointConfiguration["@odata.type"] -eq "#microsoft.graph.httpRequestEndpoint") + if ($params.endpointConfiguration['@odata.type'] -eq '#microsoft.graph.httpRequestEndpoint') { Write-Verbose -Message "{$setParameters.EndPointConfiguration.TargetUrl}" - $params.endpointConfiguration["targetUrl"] = $setParameters.EndPointConfiguration.TargetUrl + $params.endpointConfiguration['targetUrl'] = $setParameters.EndPointConfiguration.TargetUrl } - if ($params.endpointConfiguration["@odata.type"] -eq "#microsoft.graph.logicAppTriggerEndpointConfiguration") + if ($params.endpointConfiguration['@odata.type'] -eq '#microsoft.graph.logicAppTriggerEndpointConfiguration') { - $params.endpointConfiguration["subscriptionId"] = $setParameters.EndPointConfiguration["SubscriptionId"] - $params.endpointConfiguration["resourceGroupName"] = $setParameters.EndPointConfiguration["ResourceGroupName"] - $params.endpointConfiguration["logicAppWorkflowName"] = $setParameters.EndPointConfiguration["LogicAppWorkflowName"] + $params.endpointConfiguration['subscriptionId'] = $setParameters.EndPointConfiguration['SubscriptionId'] + $params.endpointConfiguration['resourceGroupName'] = $setParameters.EndPointConfiguration['ResourceGroupName'] + $params.endpointConfiguration['logicAppWorkflowName'] = $setParameters.EndPointConfiguration['LogicAppWorkflowName'] } # CREATE if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - $params.Add("claimsForTokenConfiguration", @()) + $params.Add('claimsForTokenConfiguration', @()) foreach ($claim in $setParameters.claimsForTokenConfiguration) { $val = $claim.claimIdInApiResponse Write-Verbose -Message "{$val}" $c = @{ - "claimIdInApiResponse" = $claim.claimIdInApiResponse + 'claimIdInApiResponse' = $claim.claimIdInApiResponse } $params.claimsForTokenConfiguration += $c } $params.Remove('Id') | Out-Null - $type = $params["@odata.type"] + $type = $params['@odata.type'] Write-Verbose -Message "Creating new Custom authentication extension with display name {$DisplayName} and type {$type}" New-MgBetaIdentityCustomAuthenticationExtension -BodyParameter $params } @@ -376,16 +376,16 @@ function Set-TargetResource $params.Add('CustomAuthenticationExtensionId', $currentInstance.Id) $params.Remove('Id') | Out-Null - $params.Add("AdditionalProperties", @{}) - $params["AdditionalProperties"].Add("ClaimsForTokenConfiguration", @()) + $params.Add('AdditionalProperties', @{}) + $params['AdditionalProperties'].Add('ClaimsForTokenConfiguration', @()) - foreach ($claim in $setParameters["ClaimsForTokenConfiguration"]) + foreach ($claim in $setParameters['ClaimsForTokenConfiguration']) { $c = @{ - "claimIdInApiResponse" = $claim["ClaimIdInApiResponse"] + 'claimIdInApiResponse' = $claim['ClaimIdInApiResponse'] } - $params["AdditionalProperties"]["claimsForTokenConfiguration"] += $c + $params['AdditionalProperties']['claimsForTokenConfiguration'] += $c } Write-Verbose -Message "{$params['@odata.type']}" @@ -519,7 +519,8 @@ function Test-TargetResource Write-Verbose "TestResult returned False for $source" $testTargetResource = $false } - else { + else + { $ValuesToCheck.Remove($key) | Out-Null } } @@ -627,12 +628,12 @@ function Export-TargetResource $Results = Get-TargetResource @Params $endpointConfigurationCimString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.EndpointConfiguration ` - -CIMInstanceName 'MSFT_AADCustomAuthenticationExtensionEndPointConfiguration' + -ComplexObject $Results.EndpointConfiguration ` + -CIMInstanceName 'MSFT_AADCustomAuthenticationExtensionEndPointConfiguration' $ClaimsForTokenConfigurationCimString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.ClaimsForTokenConfiguration ` - -CIMInstanceName 'MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration' + -ComplexObject $Results.ClaimsForTokenConfiguration ` + -CIMInstanceName 'MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration' $Results.EndPointConfiguration = $endpointConfigurationCimString $Results.ClaimsForTokenConfiguration = $ClaimsForTokenConfigurationCimString @@ -648,12 +649,12 @@ function Export-TargetResource if ($Results.EndPointConfiguration -ne $null) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EndPointConfiguration" + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EndPointConfiguration' } if ($Results.ClaimsForTokenConfiguration -ne $null) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ClaimsForTokenConfiguration" -IsCIMArray $true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ClaimsForTokenConfiguration' -IsCIMArray $true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADCustomSecurityAttributeDefinition/MSFT_AADCustomSecurityAttributeDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADCustomSecurityAttributeDefinition/MSFT_AADCustomSecurityAttributeDefinition.psm1 index 1e7e5822ab..2e68367f7d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADCustomSecurityAttributeDefinition/MSFT_AADCustomSecurityAttributeDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADCustomSecurityAttributeDefinition/MSFT_AADCustomSecurityAttributeDefinition.psm1 @@ -97,11 +97,11 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Id)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } if ($null -eq $instance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } } else @@ -109,12 +109,12 @@ function Get-TargetResource if (-not [System.String]::IsNullOrEmpty($Id)) { $instance = Get-MgBetaDirectoryCustomSecurityAttributeDefinition -CustomSecurityAttributeDefinitionId $Id ` - -ErrorAction SilentlyContinue + -ErrorAction SilentlyContinue } if ($null -eq $instance) { $instance = Get-MgBetaDirectoryCustomSecurityAttributeDefinition -Filter "Name eq '$Name'" ` - -ErrorAction SilentlyContinue + -ErrorAction SilentlyContinue } } if ($null -eq $instance) @@ -271,7 +271,7 @@ function Set-TargetResource { Write-Verbose -Message "Removing Atribute Definition {$Name}. Setting its status to 'Deprecated'" Update-MgBetaDirectoryCustomSecurityAttributeDefinition -CustomSecurityAttributeDefinitionId $currentInstance.Id ` - -Status 'Deprecated' + -Status 'Deprecated' } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 index 8fe76dc299..70c85ef25f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 @@ -345,20 +345,20 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $MultiFactorAuthConfigurationValue = "notRequired" + $MultiFactorAuthConfigurationValue = 'notRequired' if ($MultiFactorAuthConfiguration) { $MultiFactorAuthConfigurationValue = 'required' } - $azureADRegistrationAllowedToRegister = "#microsoft.graph.noDeviceRegistrationMembership" + $azureADRegistrationAllowedToRegister = '#microsoft.graph.noDeviceRegistrationMembership' if ($AzureAdJoinLocalAdminsRegisteringMode -eq 'All') { - $azureADRegistrationAllowedToRegister = "#microsoft.graph.allDeviceRegistrationMembership" + $azureADRegistrationAllowedToRegister = '#microsoft.graph.allDeviceRegistrationMembership' } elseif ($AzureAdJoinLocalAdminsRegisteringMode -eq 'Selected') { - $azureADRegistrationAllowedToRegister = "#microsoft.graph.enumeratedDeviceRegistrationMembership" + $azureADRegistrationAllowedToRegister = '#microsoft.graph.enumeratedDeviceRegistrationMembership' $azureADRegistrationAllowedUsers = @() foreach ($user in $AzureAdJoinLocalAdminsRegisteringUsers) @@ -375,14 +375,14 @@ function Set-TargetResource } } - $localAdminAllowedMode = "#microsoft.graph.noDeviceRegistrationMembership" + $localAdminAllowedMode = '#microsoft.graph.noDeviceRegistrationMembership' if ($AzureAdJoinLocalAdminsRegisteringMode -eq 'All') { - $localAdminAllowedMode = "#microsoft.graph.allDeviceRegistrationMembership" + $localAdminAllowedMode = '#microsoft.graph.allDeviceRegistrationMembership' } elseif ($AzureAdJoinLocalAdminsRegisteringMode -eq 'Selected') { - $localAdminAllowedMode = "#microsoft.graph.enumeratedDeviceRegistrationMembership" + $localAdminAllowedMode = '#microsoft.graph.enumeratedDeviceRegistrationMembership' $localAdminAllowedUsers = @() foreach ($user in $AzureAdJoinLocalAdminsRegisteringUsers) @@ -400,31 +400,31 @@ function Set-TargetResource } $updateParameters = @{ - userDeviceQuota = $UserDeviceQuota + userDeviceQuota = $UserDeviceQuota multiFactorAuthConfiguration = $MultiFactorAuthConfigurationValue - azureADJoin = @{ - isAdminConfigurable =$AzureADJoinIsAdminConfigurable - allowedToJoin = @{ + azureADJoin = @{ + isAdminConfigurable = $AzureADJoinIsAdminConfigurable + allowedToJoin = @{ '@odata.type' = $azureADRegistrationAllowedToRegister - users = $AzureADAllowedToJoinUsers - groups = $AzureADAllowedToJoinGroups + users = $AzureADAllowedToJoinUsers + groups = $AzureADAllowedToJoinGroups } - localAdmins = @{ + localAdmins = @{ enableGlobalAdmins = $LocalAdminsEnableGlobalAdmins - registeringUsers = @{ + registeringUsers = @{ '@odata.type' = $localAdminAllowedMode - users = $localAdminAllowedUsers - groups = $localAdminAllowedGroups + users = $localAdminAllowedUsers + groups = $localAdminAllowedGroups } } } - localAdminPassword = @{ + localAdminPassword = @{ isEnabled = $LocalAdminPasswordIsEnabled } - azureADRegistration = @{ + azureADRegistration = @{ isAdminConfigurable = $false - allowedToRegister = @{ - '@odata.type' = "#microsoft.graph.allDeviceRegistrationMembership" + allowedToRegister = @{ + '@odata.type' = '#microsoft.graph.allDeviceRegistrationMembership' } } } @@ -531,7 +531,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of the Device Registration Policy" + Write-Verbose -Message 'Testing configuration of the Device Registration Policy' $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() @@ -617,7 +617,7 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results + -Results $Results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` @@ -634,7 +634,7 @@ function Export-TargetResource } catch { - if ($_.ErrorDetails.Message -like "*Insufficient privileges*") + if ($_.ErrorDetails.Message -like '*Insufficient privileges*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) Insufficient permissions or license to export Attribute Sets." } @@ -642,10 +642,10 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX New-M365DSCLogEntry -Message 'Error during Export:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential } return '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/settings.json index 3324b5f4e0..0017f57ca4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/settings.json @@ -12,10 +12,8 @@ "permissions": { "graph": { "delegated": { - "read": [ - ], - "update": [ - ] + "read": [], + "update": [] }, "application": { "read": [ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 index 24534197ea..3b82984982 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 @@ -161,18 +161,18 @@ function Set-TargetResource Write-Verbose -Message 'Updating Enriched Audit Logs settings' $values = @{ - "@odata.type" = "#microsoft.graph.networkaccess.enrichedAuditLogs" - exchange = @{ - "@odata.type" = "#microsoft.graph.networkaccess.enrichedAuditLogsSettings" - status = $ExchangeOnline + '@odata.type' = '#microsoft.graph.networkaccess.enrichedAuditLogs' + exchange = @{ + '@odata.type' = '#microsoft.graph.networkaccess.enrichedAuditLogsSettings' + status = $ExchangeOnline } - sharepoint = @{ - "@odata.type" = "#microsoft.graph.networkaccess.enrichedAuditLogsSettings" - status = $SharePoint + sharepoint = @{ + '@odata.type' = '#microsoft.graph.networkaccess.enrichedAuditLogsSettings' + status = $SharePoint } - teams = @{ - "@odata.type" = "#microsoft.graph.networkaccess.enrichedAuditLogsSettings" - status = $Teams + teams = @{ + '@odata.type' = '#microsoft.graph.networkaccess.enrichedAuditLogsSettings' + status = $Teams } } $body = ConvertTo-Json $values -Depth 10 -Compress @@ -328,7 +328,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint ManagedIdentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens - } + } $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index 7f6b0dc6de..2ef5d6db5a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 @@ -117,7 +117,7 @@ function Get-TargetResource if ($null -eq $getValue) { - if(-not [System.String]::IsNullOrEmpty($id)) + if (-not [System.String]::IsNullOrEmpty($id)) { Write-Verbose -Message "Nothing with id {$id} was found" } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 index 3c068d29e1..8a1595dd4b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 @@ -134,7 +134,7 @@ function Get-TargetResource #region Format AccessReviewSettings $formattedAccessReviewSettings = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $getValue.AccessReviewSettings -Verbose - if($null -ne $formattedAccessReviewSettings) + if ($null -ne $formattedAccessReviewSettings) { $formattedAccessReviewSettings.remove('additionalProperties') | Out-Null } @@ -227,11 +227,11 @@ function Get-TargetResource { foreach ($setting in $formattedRequestorSettings.allowedRequestors) { - if (-not $setting.ContainsKey("odataType")) + if (-not $setting.ContainsKey('odataType')) { - $setting.add('odataType',$setting.AdditionalProperties."@odata.type") + $setting.add('odataType', $setting.AdditionalProperties.'@odata.type') } - if(-not [String]::isNullOrEmpty($setting.AdditionalProperties.id)) + if (-not [String]::isNullOrEmpty($setting.AdditionalProperties.id)) { $user = Get-MgUser -UserId $setting.AdditionalProperties.id -ErrorAction SilentlyContinue if ($null -ne $user) @@ -252,9 +252,9 @@ function Get-TargetResource $formattedQuestions = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $getValue.Questions foreach ($question in $formattedQuestions) { - if (-not $question.ContainsKey("odataType")) + if (-not $question.ContainsKey('odataType')) { - $question.add("odataType",$question.AdditionalProperties."@odata.type") + $question.add('odataType', $question.AdditionalProperties.'@odata.type') } if ($null -ne $question.Text) { @@ -288,7 +288,7 @@ function Get-TargetResource { $customExt = @{ #Id = $customExtensionHandler.Id #Read Only - Stage = $customExtensionHandler.Stage + Stage = $customExtensionHandler.Stage CustomExtensionId = $customExtensionHandler.CustomExtension.Id } $formattedCustomExtensionHandlers += $customExt @@ -540,9 +540,9 @@ function Set-TargetResource $formattedCustomExtensionHandlers = @() foreach ($customExtensionHandler in $CreateParameters.CustomExtensionHandlers) { - $extensionId= $customExtensionHandler.CustomExtensionId + $extensionId = $customExtensionHandler.CustomExtensionId $formattedCustomExtensionHandlers += @{ - stage = $customExtensionHandler.Stage + stage = $customExtensionHandler.Stage customExtension = @{ id = $extensionId } @@ -661,9 +661,9 @@ function Set-TargetResource $formattedCustomExtensionHandlers = @() foreach ($customExtensionHandler in $UpdateParameters.CustomExtensionHandlers) { - $extensionId= $customExtensionHandler.CustomExtensionId + $extensionId = $customExtensionHandler.CustomExtensionId $formattedCustomExtensionHandlers += @{ - stage = $customExtensionHandler.Stage + stage = $customExtensionHandler.Stage customExtension = @{ id = $extensionId } @@ -963,9 +963,9 @@ function Export-TargetResource } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.AccessReviewSettings ` - -CIMInstanceName MicrosoftGraphassignmentreviewsettings ` - -ComplexTypeMapping $complexMapping + -ComplexObject $Results.AccessReviewSettings ` + -CIMInstanceName MicrosoftGraphassignmentreviewsettings ` + -ComplexTypeMapping $complexMapping if ($complexTypeStringResult) { $Results.AccessReviewSettings = $complexTypeStringResult diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 index 36cd50c4af..99e4030a26 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 @@ -450,7 +450,7 @@ function Export-TargetResource try { #region resource generator code - [array]$getValue = (Get-MgBetaEntitlementManagementAccessPackage -all -ErrorAction Stop)| Select-Object -Unique CatalogId |Select-Object -ExpandProperty CatalogId + [array]$getValue = (Get-MgBetaEntitlementManagementAccessPackage -All -ErrorAction Stop) | Select-Object -Unique CatalogId | Select-Object -ExpandProperty CatalogId #endregion $i = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 index 06bdda2938..63e6cb1b3d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 @@ -128,14 +128,14 @@ function Get-TargetResource } $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource ` - -AccessPackageCatalogId $CatalogId ` + -AccessPackageCatalogId $CatalogId ` -Filter "Id eq '$Id'" -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Retrieving Resource by Display Name {$DisplayName}" $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource ` - -AccessPackageCatalogId $CatalogId ` + -AccessPackageCatalogId $CatalogId ` -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue } } @@ -339,7 +339,7 @@ function Set-TargetResource $resource = ([Hashtable]$PSBoundParameters).clone() $ObjectGuid = [System.Guid]::empty if ($OriginSystem -eq 'AADGroup' -and ` - -not [System.Guid]::TryParse($OriginId, [System.Management.Automation.PSReference]$ObjectGuid)) + -not [System.Guid]::TryParse($OriginId, [System.Management.Automation.PSReference]$ObjectGuid)) { Write-Verbose -Message "The Group reference was provided by name {$OriginId}. Retrieving associated id." $groupInfo = Get-MgGroup -Filter "DisplayName eq '$OriginId'" @@ -353,7 +353,7 @@ function Set-TargetResource $ObjectGuid = [System.Guid]::empty if (-not [System.Guid]::TryParse($CatalogId, [System.Management.Automation.PSReference]$ObjectGuid)) { - Write-Verbose -Message "Retrieving Catalog by Display Name" + Write-Verbose -Message 'Retrieving Catalog by Display Name' $catalogInstance = Get-MgBetaEntitlementManagementAccessPackageCatalog -Filter "DisplayName eq '$($CatalogId)'" if ($catalogInstance) { @@ -406,7 +406,7 @@ function Set-TargetResource $ObjectGuid = [System.Guid]::empty if (-not [System.Guid]::TryParse($CatalogId, [System.Management.Automation.PSReference]$ObjectGuid)) { - Write-Verbose -Message "Retrieving Catalog by Display Name" + Write-Verbose -Message 'Retrieving Catalog by Display Name' $catalogInstance = Get-MgBetaEntitlementManagementAccessPackageCatalog -Filter "DisplayName eq '$($CatalogId)'" if ($catalogInstance) { @@ -725,7 +725,7 @@ function Export-TargetResource $catalogId = $catalog.id - [array]$resources = Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource -AccessPackageCatalogId $catalogId -ErrorAction Stop + [array]$resources = Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource -AccessPackageCatalogId $catalogId -ErrorAction Stop $j = 1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index 1c0587dc95..1e50576601 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 @@ -443,10 +443,10 @@ function Set-TargetResource foreach ($sponsor in $ExternalSponsors) { $directoryObject = Get-MgBetaDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type" - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef ` @@ -457,9 +457,9 @@ function Set-TargetResource foreach ($sponsor in $InternalSponsors) { $directoryObject = Get-MgBetaDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef ` @@ -506,16 +506,16 @@ function Set-TargetResource } $currentInstance.ExternalSponsors = $currentExternalSponsors } - $sponsorsDifferences = compare-object -ReferenceObject @($ExternalSponsors|select-object) -DifferenceObject @($currentInstance.ExternalSponsors|select-object) - $sponsorsToAdd=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '<='}).InputObject - $sponsorsToRemove=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '=>'}).InputObject + $sponsorsDifferences = Compare-Object -ReferenceObject @($ExternalSponsors | Select-Object) -DifferenceObject @($currentInstance.ExternalSponsors | Select-Object) + $sponsorsToAdd = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject + $sponsorsToRemove = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '=>' }).InputObject foreach ($sponsor in $sponsorsToAdd) { $directoryObject = Get-MgBetaDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type" - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef ` @@ -544,16 +544,16 @@ function Set-TargetResource } $currentInstance.InternalSponsors = $currentInternalSponsors } - $sponsorsDifferences = compare-object -ReferenceObject @($InternalSponsors|select-object) -DifferenceObject @($currentInstance.InternalSponsors|select-object) - $sponsorsToAdd=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '<='}).InputObject - $sponsorsToRemove=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '=>'}).InputObject + $sponsorsDifferences = Compare-Object -ReferenceObject @($InternalSponsors | Select-Object) -DifferenceObject @($currentInstance.InternalSponsors | Select-Object) + $sponsorsToAdd = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject + $sponsorsToRemove = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '=>' }).InputObject foreach ($sponsor in $sponsorsToAdd) { $directoryObject = Get-MgBetaDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type" - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json index 3a9096b509..b1f1eeda04 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json @@ -3,12 +3,12 @@ "description": "This resource configures an Azure AD Entitlement Management Connected Organization.", "roles": { "read": [ - "Security Reader" + "Security Reader" ], "update": [ - "Identity Governance Administrator" + "Identity Governance Administrator" ] - }, + }, "permissions": { "graph": { "delegated": { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementRoleAssignment/MSFT_AADEntitlementManagementRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementRoleAssignment/MSFT_AADEntitlementManagementRoleAssignment.psm1 index b3b1c7aadc..0f76cb1c7a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementRoleAssignment/MSFT_AADEntitlementManagementRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementRoleAssignment/MSFT_AADEntitlementManagementRoleAssignment.psm1 @@ -93,12 +93,12 @@ function Get-TargetResource $getValue = Get-MgBetaRoleManagementEntitlementManagementRoleAssignment -UnifiedRoleAssignmentId $Id } - $user = Get-mguser -UserId $Principal + $user = Get-MgUser -UserId $Principal $roleInfo = Get-MgBetaRoleManagementEntitlementManagementRoleDefinition -Filter "DisplayName eq '$RoleDefinition'" if ($null -eq $getValue) { - if(-not [System.String]::IsNullOrEmpty($Id)) + if (-not [System.String]::IsNullOrEmpty($Id)) { Write-Verbose -Message "Nothing with id {$Id} was found" } @@ -122,7 +122,7 @@ function Get-TargetResource if ($null -eq $getValue) { - Write-Verbose -Message "No existing assignments were found" + Write-Verbose -Message 'No existing assignments were found' return $nullResult } @@ -268,7 +268,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Entitlement Management Role Assignments cannot be updated." + Write-Verbose -Message 'Entitlement Management Role Assignments cannot be updated.' } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -350,7 +350,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of Assignment" + Write-Verbose -Message 'Testing configuration of Assignment' $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementRoleAssignment/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementRoleAssignment/settings.json index 5eb3981dd3..d28e733648 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementRoleAssignment/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementRoleAssignment/settings.json @@ -40,7 +40,7 @@ "name": "EntitlementManagement.ReadWrite.All" }, { - "name" : "RoleManagement.ReadWrite.Directory" + "name": "RoleManagement.ReadWrite.Directory" } ] } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/MSFT_AADEntitlementManagementSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/MSFT_AADEntitlementManagementSettings.psm1 index 7ffb6e65bc..e2c28a72c0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/MSFT_AADEntitlementManagementSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/MSFT_AADEntitlementManagementSettings.psm1 @@ -156,7 +156,7 @@ function Set-TargetResource $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters $setParameters.Remove('IsSingleInstance') | Out-Null - Write-Verbose -Message "Updating Entitlement Management settings" + Write-Verbose -Message 'Updating Entitlement Management settings' Update-MgBetaEntitlementManagementSetting @setParameters | Out-Null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/settings.json index 3005622fd8..631b6cdbc1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementSettings/settings.json @@ -40,7 +40,7 @@ "name": "EntitlementManagement.ReadWrite.All" }, { - "name" : "RoleManagement.ReadWrite.Directory" + "name": "RoleManagement.ReadWrite.Directory" } ] } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADExternalIdentityPolicy/MSFT_AADExternalIdentityPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADExternalIdentityPolicy/MSFT_AADExternalIdentityPolicy.psm1 index b4cc15b5e9..28b76ad13a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADExternalIdentityPolicy/MSFT_AADExternalIdentityPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADExternalIdentityPolicy/MSFT_AADExternalIdentityPolicy.psm1 @@ -343,7 +343,7 @@ function Export-TargetResource if ($Results -is [System.Collections.Hashtable] -and $Results.Count -gt 1) { Write-Host "`r`n" -NoNewline - Write-Host " |---[1/1] External Identity Policy" -NoNewline + Write-Host ' |---[1/1] External Identity Policy' -NoNewline $results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 index 97857762ed..26944c5c3c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 @@ -14,7 +14,7 @@ function Get-TargetResource $DisplayName, [Parameter()] - [ValidateSet('passthroughAuthentication','seamlessSso','passwordHashSync','emailAsAlternateId','unknownFutureValue','certificateBasedAuthentication')] + [ValidateSet('passthroughAuthentication', 'seamlessSso', 'passwordHashSync', 'emailAsAlternateId', 'unknownFutureValue', 'certificateBasedAuthentication')] [System.String] $Feature, @@ -100,8 +100,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.FeatureRolloutPolicy" - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.FeatureRolloutPolicy' + } } } #endregion @@ -168,7 +168,7 @@ function Set-TargetResource $DisplayName, [Parameter()] - [ValidateSet('passthroughAuthentication','seamlessSso','passwordHashSync','emailAsAlternateId','unknownFutureValue','certificateBasedAuthentication')] + [ValidateSet('passthroughAuthentication', 'seamlessSso', 'passwordHashSync', 'emailAsAlternateId', 'unknownFutureValue', 'certificateBasedAuthentication')] [System.String] $Feature, @@ -287,7 +287,7 @@ function Test-TargetResource $DisplayName, [Parameter()] - [ValidateSet('passthroughAuthentication','seamlessSso','passwordHashSync','emailAsAlternateId','unknownFutureValue','certificateBasedAuthentication')] + [ValidateSet('passthroughAuthentication', 'seamlessSso', 'passwordHashSync', 'emailAsAlternateId', 'unknownFutureValue', 'certificateBasedAuthentication')] [System.String] $Feature, @@ -465,16 +465,16 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 index d5c9a56bd8..47bd688e1b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 @@ -93,11 +93,11 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Id)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } if ($null -eq $instance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } } else @@ -106,11 +106,11 @@ function Get-TargetResource $instances = Invoke-MgGraphRequest $uri -Method Get if (-not [System.String]::IsNullOrEmpty($Id)) { - $instance = $instances.value | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $instances.value | Where-Object -FilterScript { $_.Id -eq $Id } } if ($null -eq $instance) { - $instance = $instances.value | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $instance = $instances.value | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } } if ($null -eq $instance) @@ -237,7 +237,7 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $instanceParams = @{ - "@odata.type" = "microsoft.graph.samlOrWsFedExternalDomainFederation" + '@odata.type' = 'microsoft.graph.samlOrWsFedExternalDomainFederation' displayName = $DisplayName metadataExchangeUri = $MetadataExchangeUri issuerUri = $IssuerUri @@ -249,7 +249,7 @@ function Set-TargetResource foreach ($domain in $domains) { $instanceParams.domains += @{ - "@odata.type" = "microsoft.graph.externalDomainName" + '@odata.type' = 'microsoft.graph.externalDomainName' id = $domain } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringPolicy/MSFT_AADFilteringPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringPolicy/MSFT_AADFilteringPolicy.psm1 index 1a447cc253..086b244212 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringPolicy/MSFT_AADFilteringPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringPolicy/MSFT_AADFilteringPolicy.psm1 @@ -78,12 +78,12 @@ function Get-TargetResource if (-not [System.String]::IsNullOrEmpty($Id)) { Write-Verbose -Message "Retrieving policy by id {$Id}" - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } if ($null -eq $instance) { Write-Verbose -Message "Retrieving policy by name {$Name}" - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } } else @@ -96,7 +96,7 @@ function Get-TargetResource if ($null -eq $instance) { Write-Verbose -Message "Retrieving policy by name {$Name}" - $instance = Get-MgBetaNetworkAccessFilteringPolicy -All | Where-Object -FilterScript {$_.Name -eq $Name} + $instance = Get-MgBetaNetworkAccessFilteringPolicy -All | Where-Object -FilterScript { $_.Name -eq $Name } } } if ($null -eq $instance) @@ -219,7 +219,7 @@ function Set-TargetResource { Write-Verbose -Message "Updating filtering policy {$Name}" Update-MgBetaNetworkAccessFilteringPolicy -FilteringPolicyId $currentInstance.Id ` - -BodyParameter $instanceParams + -BodyParameter $instanceParams } # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringPolicyRule/MSFT_AADFilteringPolicyRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringPolicyRule/MSFT_AADFilteringPolicyRule.psm1 index 3d5d4eda49..a54318f96d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringPolicyRule/MSFT_AADFilteringPolicyRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringPolicyRule/MSFT_AADFilteringPolicyRule.psm1 @@ -77,7 +77,7 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' try { - $policyInstance = Get-MgBetaNetworkAccessFilteringPolicy | Where-Object -Filter {$_.Name -eq $Policy} + $policyInstance = Get-MgBetaNetworkAccessFilteringPolicy | Where-Object -Filter { $_.Name -eq $Policy } if ($null -ne $policyInstance) { Write-Verbose -Message "Found existing Policy {$Policy}" @@ -86,12 +86,12 @@ function Get-TargetResource { Write-Verbose -Message "Retrieving Filtering Policy Rule by Id {$Id}" $instance = Get-MgBetaNetworkAccessFilteringPolicyRule -FilteringPolicyId $policyInstance.Id ` - -PolicyRuleId Id -ErrorAction SilentlyContinue + -PolicyRuleId Id -ErrorAction SilentlyContinue } if ($null -eq $instance) { Write-Verbose -Message "Retrieving Filtering Policy Rule by Name {$Name}" - $instance = Get-MgBetaNetworkAccessFilteringPolicyRule -FilteringPolicyId $policyInstance.Id | Where-Object -FilterScript {$_.Name -eq $Name} + $instance = Get-MgBetaNetworkAccessFilteringPolicyRule -FilteringPolicyId $policyInstance.Id | Where-Object -FilterScript { $_.Name -eq $Name } } } if ($null -eq $instance) @@ -111,7 +111,7 @@ function Get-TargetResource elseif ($instance.AdditionalProperties.ruleType -eq 'webCategory') { $DestinationsValue += @{ - name = $destination.name + name = $destination.name } } } @@ -205,7 +205,7 @@ function Set-TargetResource $AccessTokens ) - Write-Verbose -Message "Entering the Set-TargetResource function" + Write-Verbose -Message 'Entering the Set-TargetResource function' #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -220,21 +220,21 @@ function Set-TargetResource #endregion $currentInstance = Get-TargetResource @PSBoundParameters - $policyInstance = Get-MgBetaNetworkAccessFilteringPolicy | Where-Object -Filter {$_.Name -eq $Policy} + $policyInstance = Get-MgBetaNetworkAccessFilteringPolicy | Where-Object -Filter { $_.Name -eq $Policy } if ($RuleType -eq 'webCategory') { $instanceParams = @{ - "@odata.type" = "#microsoft.graph.networkaccess.webCategoryFilteringRule" + '@odata.type' = '#microsoft.graph.networkaccess.webCategoryFilteringRule' name = $Name ruleType = $RuleType - destinations = @() + destinations = @() } foreach ($destination in $Destinations) { $instanceParams.destinations += @{ - "@odata.type" = "#microsoft.graph.networkaccess.webCategory" + '@odata.type' = '#microsoft.graph.networkaccess.webCategory' name = $destination.name } } @@ -242,7 +242,7 @@ function Set-TargetResource elseif ($RuleType -eq 'fqdn') { $instanceParams = @{ - "@odata.type" = "#microsoft.graph.networkaccess.fqdnFilteringRule" + '@odata.type' = '#microsoft.graph.networkaccess.fqdnFilteringRule' name = $Name ruleType = $RuleType destinations = @() @@ -251,7 +251,7 @@ function Set-TargetResource foreach ($destination in $Destinations) { $instanceParams.destinations += @{ - "@odata.type" = "#microsoft.graph.networkaccess.fqdn" + '@odata.type' = '#microsoft.graph.networkaccess.fqdn' value = $destination.value } } @@ -262,7 +262,7 @@ function Set-TargetResource { Write-Verbose -Message "Creating new Filtering Policy Rule {$Name}" New-MgBetaNetworkAccessFilteringPolicyRule -FilteringPolicyId $policyInstance.Id ` - -BodyParameter $instanceParams + -BodyParameter $instanceParams } # UPDATE elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') @@ -270,15 +270,15 @@ function Set-TargetResource Write-Verbose -Message "Updating Filtering Policy Rule {$Name}" $instanceParams.Remove('ruleType') | Out-Null Update-MgBetaNetworkAccessFilteringPolicyRule -FilteringPolicyId $policyInstance.Id ` - -PolicyRuleId $currentInstance.Id ` - -BodyParameter $instanceParams + -PolicyRuleId $currentInstance.Id ` + -BodyParameter $instanceParams } # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing Filtering Policy Rule {$Name}" Remove-MgBetaNetworkAccessFilteringPolicyRule -FilteringPolicyId $policyInstance.Id ` - -PolicyRuleId $currentInstance.Id + -PolicyRuleId $currentInstance.Id } } @@ -464,7 +464,7 @@ function Export-TargetResource $displayedKey = $policy.Name Write-Host " |---[$i/$($policies.Count)] $displayedKey" -NoNewline $rules = Get-MgBetaNetworkAccessFilteringPolicyRule -FilteringPolicyId $policy.Id ` - -ErrorAction SilentlyContinue + -ErrorAction SilentlyContinue if ($rules.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringProfile/MSFT_AADFilteringProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringProfile/MSFT_AADFilteringProfile.psm1 index 882f42d4f4..13cc48b691 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringProfile/MSFT_AADFilteringProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringProfile/MSFT_AADFilteringProfile.psm1 @@ -86,12 +86,12 @@ function Get-TargetResource if (-not [System.String]::IsNullOrEmpty($Id)) { Write-Verbose -Message "Retrieving profile by Id {$Id}" - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } if ($null -eq $instance) { Write-Verbose -Message "Retrieving profile by Name {$Name}" - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } } else @@ -104,7 +104,7 @@ function Get-TargetResource if ($null -eq $instance) { Write-Verbose -Message "Retrieving profile by Name {$Name}" - $instance = Get-MgBetaNetworkAccessFilteringProfile -All -ExpandProperty Policies | Where-Object -FilterScript {$_.Name -eq $Name} + $instance = Get-MgBetaNetworkAccessFilteringProfile -All -ExpandProperty Policies | Where-Object -FilterScript { $_.Name -eq $Name } } } if ($null -eq $instance) @@ -250,16 +250,16 @@ function Set-TargetResource foreach ($policy in $Policies) { - $policyInfo = Get-MgBetaNetworkAccessFilteringPolicy -All | Where-Object -FilterScript {$_.Name -eq $policy.PolicyName} + $policyInfo = Get-MgBetaNetworkAccessFilteringPolicy -All | Where-Object -FilterScript { $_.Name -eq $policy.PolicyName } if ($null -ne $policyInfo) { $entry = @{ - "@odata.type" = "#microsoft.graph.networkaccess.filteringPolicyLink" + '@odata.type' = '#microsoft.graph.networkaccess.filteringPolicyLink' loggingState = $policy.LoggingState priority = $policy.Priority state = $policy.State policy = @{ - "@odata.type" = "#microsoft.graph.networkaccess.filteringPolicy" + '@odata.type' = '#microsoft.graph.networkaccess.filteringPolicy' id = $policyInfo.Id } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 00cc64d642..538b67f9f6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -209,7 +209,7 @@ function Get-TargetResource { $OwnersValues += $owner.AdditionalProperties.userPrincipalName } - elseif($owner.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.servicePrincipal") + elseif ($owner.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.servicePrincipal') { $OwnersValues += $owner.AdditionalProperties.displayName } @@ -224,7 +224,7 @@ function Get-TargetResource $GroupAsMembersValues = @() foreach ($member in $members) { - if ($member.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.user") + if ($member.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.user') { $MembersValues += $member.AdditionalProperties.userPrincipalName } @@ -232,7 +232,7 @@ function Get-TargetResource { $MembersValues += $member.AdditionalProperties.displayName } - elseif($member.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.group") + elseif ($member.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.group') { $GroupAsMembersValues += $member.AdditionalProperties.displayName } @@ -619,7 +619,7 @@ function Set-TargetResource { try { - Write-Verbose -Message "Setting Group Licenses" + Write-Verbose -Message 'Setting Group Licenses' Set-MgGroupLicense -GroupId $currentGroup.Id ` -AddLicenses $licensesToAdd ` -RemoveLicenses $licensesToRemove ` @@ -655,7 +655,7 @@ function Set-TargetResource if ($Ensure -ne 'Absent') { #Owners - Write-Verbose -Message "Updating Owners" + Write-Verbose -Message 'Updating Owners' if ($PSBoundParameters.ContainsKey('Owners')) { $currentOwnersValue = @() @@ -713,7 +713,7 @@ function Set-TargetResource } #Members - Write-Verbose -Message "Updating Members" + Write-Verbose -Message 'Updating Members' if ($MembershipRuleProcessingState -ne 'On' -and $PSBoundParameters.ContainsKey('Members')) { $currentMembersValue = @() @@ -730,7 +730,7 @@ function Set-TargetResource { $backCurrentMembers = @() } - Write-Verbose -Message "Comparing current members and desired list" + Write-Verbose -Message 'Comparing current members and desired list' $membersDiff = Compare-Object -ReferenceObject $backCurrentMembers -DifferenceObject $desiredMembersValue foreach ($diff in $membersDiff) { @@ -771,7 +771,7 @@ function Set-TargetResource } #GroupAsMembers - Write-Verbose -Message "Updating GroupAsMembers" + Write-Verbose -Message 'Updating GroupAsMembers' if ($MembershipRuleProcessingState -ne 'On' -and $PSBoundParameters.ContainsKey('GroupAsMembers')) { $currentGroupAsMembersValue = @() @@ -809,7 +809,7 @@ function Set-TargetResource { Write-Verbose -Message "Adding AAD group {$($groupAsMember.DisplayName)} as member of AAD group {$($currentGroup.DisplayName)}" $groupAsMemberObject = @{ - "@odata.id"= $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($groupAsMember.Id)" + '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($groupAsMember.Id)" } New-MgBetaGroupMemberByRef -GroupId ($currentGroup.Id) -Body $groupAsMemberObject | Out-Null } @@ -823,7 +823,7 @@ function Set-TargetResource } #MemberOf - Write-Verbose -Message "Updating MemberOf" + Write-Verbose -Message 'Updating MemberOf' if ($PSBoundParameters.ContainsKey('MemberOf')) { $currentMemberOfValue = @() @@ -1120,10 +1120,11 @@ function Test-TargetResource foreach ($assignedLicense in $AssignedLicenses) { Write-Verbose "Compare DisabledPlans for SkuId $($assignedLicense.SkuId) in group {$DisplayName}" - $currentLicense = $CurrentValues.AssignedLicenses | Where-Object -FilterScript {$_.SkuId -eq $assignedLicense.SkuId} + $currentLicense = $CurrentValues.AssignedLicenses | Where-Object -FilterScript { $_.SkuId -eq $assignedLicense.SkuId } if ($assignedLicense.DisabledPlans.Count -ne 0 -or $currentLicense.DisabledPlans.Count -ne 0) { - try { + try + { $licensesDiff = Compare-Object -ReferenceObject $assignedLicense.DisabledPlans -DifferenceObject $currentLicense.DisabledPlans if ($null -ne $licensesDiff) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 index 6f20b8aabf..e3c46d2491 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 @@ -130,28 +130,28 @@ function Get-TargetResource $valueNewUnifiedGroupWritebackDefault = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'NewUnifiedGroupWritebackDefault' } $result = @{ - IsSingleInstance = 'Yes' - EnableGroupCreation = [Boolean]::Parse($valueEnableGroupCreation.Value) - EnableMIPLabels = [Boolean]::Parse($valueEnableMIPLabels.Value) - AllowGuestsToBeGroupOwner = [Boolean]::Parse($valueAllowGuestsToBeGroupOwner.Value) - AllowGuestsToAccessGroups = [Boolean]::Parse($valueAllowGuestsToAccessGroups.Value) - GuestUsageGuidelinesUrl = $valueGuestUsageGuidelinesUrl.Value - AllowToAddGuests = [Boolean]::Parse($valueAllowToAddGuests.Value) - UsageGuidelinesUrl = $valueUsageGuidelinesUrl.Value - Ensure = 'Present' - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Credential = $Credential - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + IsSingleInstance = 'Yes' + EnableGroupCreation = [Boolean]::Parse($valueEnableGroupCreation.Value) + EnableMIPLabels = [Boolean]::Parse($valueEnableMIPLabels.Value) + AllowGuestsToBeGroupOwner = [Boolean]::Parse($valueAllowGuestsToBeGroupOwner.Value) + AllowGuestsToAccessGroups = [Boolean]::Parse($valueAllowGuestsToAccessGroups.Value) + GuestUsageGuidelinesUrl = $valueGuestUsageGuidelinesUrl.Value + AllowToAddGuests = [Boolean]::Parse($valueAllowToAddGuests.Value) + UsageGuidelinesUrl = $valueUsageGuidelinesUrl.Value + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Credential = $Credential + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } if (-not [System.String]::IsNullOrEmpty($valueNewUnifiedGroupWritebackDefault.Value)) { - $result.Add('NewUnifiedGroupWritebackDefault', [Boolean]::Parse($valueNewUnifiedGroupWritebackDefault.Value)) + $result.Add('NewUnifiedGroupWritebackDefault', [Boolean]::Parse($valueNewUnifiedGroupWritebackDefault.Value)) } - + if (-not [System.String]::IsNullOrEmpty($AllowedGroupName)) { $result.Add('GroupCreationAllowedGroupName', $AllowedGroupName) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADHomeRealmDiscoveryPolicy/MSFT_AADHomeRealmDiscoveryPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADHomeRealmDiscoveryPolicy/MSFT_AADHomeRealmDiscoveryPolicy.psm1 index bd3c930dee..75f731e717 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADHomeRealmDiscoveryPolicy/MSFT_AADHomeRealmDiscoveryPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADHomeRealmDiscoveryPolicy/MSFT_AADHomeRealmDiscoveryPolicy.psm1 @@ -79,7 +79,7 @@ function Get-TargetResource $getValue = $null #region resource generator code $getValue = Get-MgBetaPolicyHomeRealmDiscoveryPolicy ` - -Filter "DisplayName eq '$DisplayName'" + -Filter "DisplayName eq '$DisplayName'" #endregion if ($null -eq $getValue) @@ -88,7 +88,8 @@ function Get-TargetResource return $nullResult } # if multiple objects with same name exist - if ($getValue -is [array]) { + if ($getValue -is [array]) + { Write-Verbose -Message "Multiple Azure AD Home Realm Discovery Policy with DisplayName {$DisplayName} found. Skipping Operation." return $nullResult } @@ -96,13 +97,14 @@ function Get-TargetResource Write-Verbose -Message "An Azure AD Home Realm Discovery Policy with DisplayName {$DisplayName} was found" $DefinitionArray = @() - foreach ($definitionValue in $getValue.definition) { + foreach ($definitionValue in $getValue.definition) + { $value = ConvertFrom-Json $definitionValue $DefinitionArray += @{ - AccelerateToFederatedDomain = $value.HomeRealmDiscoveryPolicy.AccelerateToFederatedDomain + AccelerateToFederatedDomain = $value.HomeRealmDiscoveryPolicy.AccelerateToFederatedDomain AllowCloudPasswordValidation = $value.HomeRealmDiscoveryPolicy.AllowCloudPasswordValidation - PreferredDomain = $value.HomeRealmDiscoveryPolicy.PreferredDomain - AlternateIdLogin = @{ + PreferredDomain = $value.HomeRealmDiscoveryPolicy.PreferredDomain + AlternateIdLogin = @{ Enabled = $value.HomeRealmDiscoveryPolicy.AlternateIdLogin.Enabled } } @@ -213,22 +215,27 @@ function Set-TargetResource # to get the id parameter $getValue = Get-MgBetaPolicyHomeRealmDiscoveryPolicy ` - -Filter "DisplayName eq '$DisplayName'" + -Filter "DisplayName eq '$DisplayName'" $newDefinitions = @() - foreach ($Def in $Definition) { + foreach ($Def in $Definition) + { $HomeRealmDiscoveryPolicy = @{} - if ($null -ne $Def.AccelerateToFederatedDomain){ + if ($null -ne $Def.AccelerateToFederatedDomain) + { $HomeRealmDiscoveryPolicy.Add('AccelerateToFederatedDomain', $Def.AccelerateToFederatedDomain) } - if ($null -ne $Def.AllowCloudPasswordValidation){ + if ($null -ne $Def.AllowCloudPasswordValidation) + { $HomeRealmDiscoveryPolicy.Add('AllowCloudPasswordValidation', $Def.AllowCloudPasswordValidation) } - if ($null -ne $Def.PreferredDomain){ + if ($null -ne $Def.PreferredDomain) + { $HomeRealmDiscoveryPolicy.Add('PreferredDomain', $Def.PreferredDomain) } - if ($null -ne $Def.AlternateIdLogin.Enabled){ - $HomeRealmDiscoveryPolicy.Add('AlternateIdLogin', @{Enabled = $Def.AlternateIdLogin.Enabled}) + if ($null -ne $Def.AlternateIdLogin.Enabled) + { + $HomeRealmDiscoveryPolicy.Add('AlternateIdLogin', @{Enabled = $Def.AlternateIdLogin.Enabled }) } $temp = @{ HomeRealmDiscoveryPolicy = $HomeRealmDiscoveryPolicy @@ -476,7 +483,7 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -547,14 +554,16 @@ function Get-M365DSCAADHomeRealDiscoveryPolicyDefinitionAsString { $StringContent.Append("`n MSFT_AADHomeRealDiscoveryPolicyDefinition {`r`n") | Out-Null $StringContent.Append(" PreferredDomain = '" + $definition.PreferredDomain + "'`r`n") | Out-Null - if ($null -ne $definition.AccelerateToFederatedDomain) { - $StringContent.Append(" AccelerateToFederatedDomain = $" + $definition.AccelerateToFederatedDomain + "`r`n") | Out-Null + if ($null -ne $definition.AccelerateToFederatedDomain) + { + $StringContent.Append(' AccelerateToFederatedDomain = $' + $definition.AccelerateToFederatedDomain + "`r`n") | Out-Null } - if ($null -ne $definition.AllowCloudPasswordValidation) { - $StringContent.Append(" AllowCloudPasswordValidation = $" + $definition.AllowCloudPasswordValidation + "`r`n") | Out-Null + if ($null -ne $definition.AllowCloudPasswordValidation) + { + $StringContent.Append(' AllowCloudPasswordValidation = $' + $definition.AllowCloudPasswordValidation + "`r`n") | Out-Null } $StringContent.Append(" AlternateIdLogin = MSFT_AADHomeRealDiscoveryPolicyDefinitionAlternateIdLogin {`r`n") | Out-Null - $StringContent.Append(" Enabled = $" + $definition.AlternateIdLogin.Enabled + "`r`n") | Out-Null + $StringContent.Append(' Enabled = $' + $definition.AlternateIdLogin.Enabled + "`r`n") | Out-Null $StringContent.Append(" }`r`n") | Out-Null $StringContent.Append(" }`r`n") | Out-Null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADHomeRealmDiscoveryPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADHomeRealmDiscoveryPolicy/settings.json index b3c6ae18bd..30dd05e381 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADHomeRealmDiscoveryPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADHomeRealmDiscoveryPolicy/settings.json @@ -1,33 +1,32 @@ { "resourceName": "AADHomeRealmDiscoveryPolicy", "description": "This resource configures an Azure AD Home Realm Discovery Policy.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Policy.Read.All" - } - ], - "update": [ - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ] - }, - "application": { - "read": [ - { - "name": "Policy.Read.All" - } - ], - "update": [ - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Policy.Read.All" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + }, + "application": { + "read": [ + { + "name": "Policy.Read.All" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityAPIConnector/MSFT_AADIdentityAPIConnector.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityAPIConnector/MSFT_AADIdentityAPIConnector.psm1 index 04f48ad77f..ce9c1eb5be 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityAPIConnector/MSFT_AADIdentityAPIConnector.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityAPIConnector/MSFT_AADIdentityAPIConnector.psm1 @@ -87,7 +87,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaIdentityAPIConnector -IdentityApiConnectorId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaIdentityApiConnector -IdentityApiConnectorId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -95,9 +95,9 @@ function Get-TargetResource if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgBetaIdentityAPIConnector ` + $getValue = Get-MgBetaIdentityApiConnector ` -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + -ErrorAction SilentlyContinue } } #endregion @@ -112,7 +112,8 @@ function Get-TargetResource #region resource generator code $complexAuthenticationConfiguration = @{} - if($null -ne $getValue.AuthenticationConfiguration.AdditionalProperties.password) { + if ($null -ne $getValue.AuthenticationConfiguration.AdditionalProperties.password) + { $securePassword = ConvertTo-SecureString $getValue.AuthenticationConfiguration.AdditionalProperties.password -AsPlainText -Force $Password = New-Object System.Management.Automation.PSCredential ('Password', $securePassword) @@ -122,13 +123,13 @@ function Get-TargetResource $complexCertificates = @() foreach ($currentCertificate in $getValue.AuthenticationConfiguration.AdditionalProperties.certificateList) { - $myCertificate= @{} - $myCertificate.Add('Pkcs12Value', "Please insert a valid Pkcs12Value") + $myCertificate = @{} + $myCertificate.Add('Pkcs12Value', "New-Object System.Management.Automation.PSCredential('Password', (ConvertTo-SecureString ('Please insert a valid Pkcs12Value') -AsPlainText -Force))") $myCertificate.Add('Thumbprint', $currentCertificate.thumbprint) - $myCertificate.Add('Password', "Please insert a valid Password for the certificate") + $myCertificate.Add('Password', "New-Object System.Management.Automation.PSCredential('Password', (ConvertTo-SecureString ('Please insert a valid Password for the certificate') -AsPlainText -Force))") $myCertificate.Add('IsActive', $currentCertificate.isActive) - if ($myCertificate.values.Where({$null -ne $_}).Count -gt 0) + if ($myCertificate.values.Where({ $null -ne $_ }).Count -gt 0) { $complexCertificates += $myCertificate } @@ -137,19 +138,19 @@ function Get-TargetResource $results = @{ #region resource generator code - DisplayName = $getValue.DisplayName - TargetUrl = $getValue.TargetUrl - Id = $getValue.Id - Username = $getValue.AuthenticationConfiguration.AdditionalProperties.username - Password = $Password - Certificates = $complexCertificates - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent + DisplayName = $getValue.DisplayName + TargetUrl = $getValue.TargetUrl + Id = $getValue.Id + Username = $getValue.AuthenticationConfiguration.AdditionalProperties.username + Password = $Password + Certificates = $complexCertificates + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent #endregion } @@ -252,11 +253,13 @@ function Set-TargetResource # If the certificates array is not empty, then we need to create a new instance of New-MgBetaAADIdentityAPIConnector $needToUpdateCertificates = $false - if($null -ne $Certificates -and $Certificates.Count -gt 0) { + if ($null -ne $Certificates -and $Certificates.Count -gt 0) + { $needToUpdateCertificates = $true } - if($needToUpdateCertificates -eq $false) { + if ($needToUpdateCertificates -eq $false) + { if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Azure AD Identity API Connector with DisplayName {$DisplayName}" @@ -268,16 +271,17 @@ function Set-TargetResource $createParameters.Remove('Password') | Out-Null $createParameters.Remove('Pkcs12Value') | Out-Null - if($username -ne $null) { - $createParameters.Add("AuthenticationConfiguration", @{ - '@odata.type' = "microsoft.graph.basicAuthentication" - "password" = $Password.GetNetworkCredential().Password - "username" = $Username - }) + if ($username -ne $null) + { + $createParameters.Add('AuthenticationConfiguration', @{ + '@odata.type' = 'microsoft.graph.basicAuthentication' + 'password' = $Password.GetNetworkCredential().Password + 'username' = $Username + }) } - $createParameters.Add("@odata.type", "#microsoft.graph.IdentityApiConnector") - $policy = New-MgBetaIdentityAPIConnector -BodyParameter $createParameters + $createParameters.Add('@odata.type', '#microsoft.graph.IdentityApiConnector') + $policy = New-MgBetaIdentityApiConnector -BodyParameter $createParameters } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -291,29 +295,31 @@ function Set-TargetResource $updateParameters.Remove('Password') | Out-Null $updateParameters.Remove('Pkcs12Value') | Out-Null - $updateParameters.Add("AuthenticationConfiguration", @{ - '@odata.type' = "microsoft.graph.basicAuthentication" - "password" = $Password.GetNetworkCredential().Password - "username" = $Username - }) + $updateParameters.Add('AuthenticationConfiguration', @{ + '@odata.type' = 'microsoft.graph.basicAuthentication' + 'password' = $Password.GetNetworkCredential().Password + 'username' = $Username + }) - $UpdateParameters.Add("@odata.type", "#microsoft.graph.IdentityApiConnector") - Update-MgBetaIdentityAPIConnector ` - -IdentityApiConnectorId $currentInstance.Id ` - -BodyParameter $UpdateParameters + $UpdateParameters.Add('@odata.type', '#microsoft.graph.IdentityApiConnector') + Update-MgBetaIdentityApiConnector ` + -IdentityApiConnectorId $currentInstance.Id ` + -BodyParameter $UpdateParameters } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing the Azure AD Identity API Connector with Id {$($currentInstance.Id)}" - Remove-MgBetaIdentityAPIConnector -IdentityApiConnectorId $currentInstance.Id + Remove-MgBetaIdentityApiConnector -IdentityApiConnectorId $currentInstance.Id } } - else { + else + { # Remove the existing instance if already present - if($currentInstance.Ensure -ne 'Absent') { + if ($currentInstance.Ensure -ne 'Absent') + { Write-Verbose -Message "Removing the Azure AD Identity API Connector with Id {$($currentInstance.Id)}" - Remove-MgBetaIdentityAPIConnector -IdentityApiConnectorId $currentInstance.Id + Remove-MgBetaIdentityApiConnector -IdentityApiConnectorId $currentInstance.Id } # Create a new instance with the certificates @@ -335,40 +341,45 @@ function Set-TargetResource $myCertificate.Add('Pkcs12Value', ($currentCertificate.Pkcs12Value).Password) $myCertificate.Add('Password', ($currentCertificate.Password).Password) - if($currentCertificate.IsActive -eq $true) { + if ($currentCertificate.IsActive -eq $true) + { $activeCertificates += $myCertificate } - else { + else + { $inactiveCertificates += $myCertificate } } # Only one certificate can be active - if($activeCertificates.Count -ne 1) { - Write-Error "There should be one active certificate" + if ($activeCertificates.Count -ne 1) + { + Write-Error 'There should be one active certificate' throw } - - if($inactiveCertificates.Count -eq 0) { - $createParameters.Add("AuthenticationConfiguration", @{ - '@odata.type' = "microsoft.graph.pkcs12Certificate" - "password" = $activeCertificates[0].Password - "pkcs12Value" = $activeCertificates[0].Pkcs12Value - }) + + if ($inactiveCertificates.Count -eq 0) + { + $createParameters.Add('AuthenticationConfiguration', @{ + '@odata.type' = 'microsoft.graph.pkcs12Certificate' + 'password' = $activeCertificates[0].Password + 'pkcs12Value' = $activeCertificates[0].Pkcs12Value + }) $activeCertificates = $activeCertificates[1..$activeCertificates.Count] } - else { - $createParameters.Add("AuthenticationConfiguration", @{ - '@odata.type' = "microsoft.graph.pkcs12Certificate" - "password" = $inactiveCertificates[0].Password - "pkcs12Value" = $inactiveCertificates[0].Pkcs12Value - }) + else + { + $createParameters.Add('AuthenticationConfiguration', @{ + '@odata.type' = 'microsoft.graph.pkcs12Certificate' + 'password' = $inactiveCertificates[0].Password + 'pkcs12Value' = $inactiveCertificates[0].Pkcs12Value + }) # remove the first element from the inactive certificates $inactiveCertificates = $inactiveCertificates[1..$inactiveCertificates.Count] } - $createParameters.Add("@odata.type", "#microsoft.graph.IdentityApiConnector") - $policy = New-MgBetaIdentityAPIConnector -BodyParameter $createParameters + $createParameters.Add('@odata.type', '#microsoft.graph.IdentityApiConnector') + $policy = New-MgBetaIdentityApiConnector -BodyParameter $createParameters # Upload the inactive certificates @@ -376,7 +387,7 @@ function Set-TargetResource { $params = @{ pkcs12Value = $currentCertificate.Pkcs12Value - password = $currentCertificate.Password + password = $currentCertificate.Password } Invoke-MgBetaUploadIdentityApiConnectorClientCertificate -IdentityApiConnectorId $policy.Id -BodyParameter $params @@ -387,7 +398,7 @@ function Set-TargetResource { $params = @{ pkcs12Value = $currentCertificate.Pkcs12Value - password = $currentCertificate.Password + password = $currentCertificate.Password } Invoke-MgBetaUploadIdentityApiConnectorClientCertificate -IdentityApiConnectorId $policy.Id -BodyParameter $params @@ -494,7 +505,7 @@ function Test-TargetResource $target = $CurrentValues.$key if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*') { - + # create a list of thumbprints from the source list $sourceThumbprints = @() foreach ($item in $source) @@ -528,7 +539,7 @@ function Test-TargetResource { Write-Verbose -Message "Target Thumbprints: $(Convert-M365DscHashtableToString -Hashtable $item)" } - + # check if the lists are identical $compareResult = $true if ($sourceThumbprints.Count -ne $targetThumbprints.Count) @@ -548,7 +559,7 @@ function Test-TargetResource } } - if($compareResult -eq $true) + if ($compareResult -eq $true) { $ValuesToCheck.Remove($key) | Out-Null } @@ -632,7 +643,7 @@ function Export-TargetResource try { #region resource generator code - [array]$getValue = Get-MgBetaIdentityAPIConnector ` + [array]$getValue = Get-MgBetaIdentityApiConnector ` -Filter $Filter ` -All ` -ErrorAction Stop @@ -650,6 +661,11 @@ function Export-TargetResource } foreach ($config in $getValue) { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $displayedKey = $config.Id if (-not [String]::IsNullOrEmpty($config.displayName)) { @@ -661,30 +677,29 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params - $Results.Password = "Please insert a valid Password" + $Results.Password = "New-Object System.Management.Automation.PSCredential('Password', (ConvertTo-SecureString ('Please insert a valid Password') -AsPlainText -Force));" $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($null -ne $Results.Certificates) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.Certificates` - -CIMInstanceName 'AADIdentityAPIConnectionCertificate' + -ComplexObject $Results.Certificates` + -CIMInstanceName 'AADIdentityAPIConnectionCertificate' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.Certificates = $complexTypeStringResult @@ -704,9 +719,16 @@ function Export-TargetResource if ($Results.Certificates) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Certificates" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Certificates' -IsCIMArray:$True } + # Replace the main password variable. + $currentDSCBlock = $currentDSCBlock.Replace('"New-Object System.', 'New-Object System.').Replace(') -AsPlainText -Force));";', ') -AsPlainText -Force));') + + # Replace the certificate variables. + $currentDSCBlock = $currentDSCBlock.Replace("'New-Object System.", "New-Object System.").Replace(" -Force))'", " -Force))") + $currentDSCBlock = $currentDSCBlock.Replace("(ConvertTo-SecureString (''", "(ConvertTo-SecureString ('").Replace("''Password''", "'Password'").Replace("'') -AsPlainText", "') -AsPlainText") + $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityAPIConnector/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityAPIConnector/settings.json index 327fd87153..63bb04b661 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityAPIConnector/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityAPIConnector/settings.json @@ -1,25 +1,16 @@ { "resourceName": "AADIdentityAPIConnector", "description": "This resource configures an Azure AD Identity A P I Connector.", - "permissions": { - "graph": { - "delegated": { - "read": [ - - ], - "update": [ - - ] - }, - "application": { - "read": [ - - ], - "update": [ - - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 index fc5e7abded..c0973a0bee 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 @@ -92,10 +92,10 @@ function Get-TargetResource Write-Verbose -Message "An Azure AD Identity B2 X User Flow with Id {$Id} was found" #region Get ApiConnectorConfiguration - $connectorConfiguration = Get-MgBetaIdentityB2XUserFlowApiConnectorConfiguration -B2xIdentityUserFlowId $Id -ExpandProperty "postFederationSignup,postAttributeCollection" + $connectorConfiguration = Get-MgBetaIdentityB2XUserFlowApiConnectorConfiguration -B2XIdentityUserFlowId $Id -ExpandProperty 'postFederationSignup,postAttributeCollection' $complexApiConnectorConfiguration = @{ - postFederationSignupConnectorName = Get-ConnectorName($connectorConfiguration.PostFederationSignup.DisplayName) + postFederationSignupConnectorName = Get-ConnectorName($connectorConfiguration.PostFederationSignup.DisplayName) postAttributeCollectionConnectorName = Get-ConnectorName($connectorConfiguration.PostAttributeCollection.DisplayName) } #endregion @@ -116,16 +116,16 @@ function Get-TargetResource foreach ($getUserAttributeAssignmentAttributeValue in $getUserAttributeAssignment.UserAttributeValues) { $getuserAttributeValues += @{ - Name = $getUserAttributeAssignmentAttributeValue.Name - Value = $getUserAttributeAssignmentAttributeValue.Value + Name = $getUserAttributeAssignmentAttributeValue.Name + Value = $getUserAttributeAssignmentAttributeValue.Value IsDefault = $getUserAttributeAssignmentAttributeValue.IsDefault } } $complexUserAttributeAssignments += @{ - Id = $getUserAttributeAssignment.Id - DisplayName = $getUserAttributeAssignment.DisplayName - IsOptional = $getUserAttributeAssignment.IsOptional - UserInputType = $getUserAttributeAssignment.UserInputType + Id = $getUserAttributeAssignment.Id + DisplayName = $getUserAttributeAssignment.DisplayName + IsOptional = $getUserAttributeAssignment.IsOptional + UserInputType = $getUserAttributeAssignment.UserInputType UserAttributeValues = $getuserAttributeValues } } @@ -257,9 +257,9 @@ function Set-TargetResource #endregion $params = @{ - id = $Id - userFlowType = "signUpOrSignIn" - userFlowTypeVersion = 1 + id = $Id + userFlowType = 'signUpOrSignIn' + userFlowTypeVersion = 1 apiConnectorConfiguration = $newApiConnectorConfiguration } @@ -269,7 +269,7 @@ function Set-TargetResource foreach ($provider in $IdentityProviders) { $params = @{ - "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)" + '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)" } Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the newly created Azure AD Identity B2X User Flow with Id {$($newObj.Id)}" @@ -280,16 +280,16 @@ function Set-TargetResource #region Add UserAtrributeAssignments to the newly created object $currentAttributes = Get-MgBetaIdentityB2XUserFlowUserAttributeAssignment -B2XIdentityUserFlowId $newObj.Id | Select-Object -ExpandProperty Id - $attributesToAdd = $UserAttributeAssignments | Where-Object {$_.Id -notin $currentAttributes} + $attributesToAdd = $UserAttributeAssignments | Where-Object { $_.Id -notin $currentAttributes } foreach ($userAttributeAssignment in $attributesToAdd) { $params = @{ - displayName = $userAttributeAssignment.DisplayName - isOptional = $userAttributeAssignment.IsOptional - userInputType = $userAttributeAssignment.UserInputType + displayName = $userAttributeAssignment.DisplayName + isOptional = $userAttributeAssignment.IsOptional + userInputType = $userAttributeAssignment.UserInputType userAttributeValues = @() - userAttribute = @{ + userAttribute = @{ id = $userAttributeAssignment.Id } } @@ -297,9 +297,9 @@ function Set-TargetResource foreach ($userAttributeValue in $userAttributeAssignment.UserAttributeValues) { $params['userAttributeValues'] += @{ - "Name" = $userAttributeValue.Name - "Value" = $userAttributeValue.Value - "IsDefault" = $userAttributeValue.IsDefault + 'Name' = $userAttributeValue.Name + 'Value' = $userAttributeValue.Value + 'IsDefault' = $userAttributeValue.IsDefault } } @@ -318,33 +318,33 @@ function Set-TargetResource { $getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postFederationSignupConnectorName)'" $params = @{ - "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" + '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" } Write-Verbose -Message "Updating the Post Federation Signup connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" - Set-MgBetaIdentityB2XUserFlowPostFederationSignupByRef -B2xIdentityUserFlowId $currentInstance.Id -BodyParameter $params + Set-MgBetaIdentityB2XUserFlowPostFederationSignupByRef -B2XIdentityUserFlowId $currentInstance.Id -BodyParameter $params } if (-not [string]::IsNullOrEmpty($ApiConnectorConfiguration.postAttributeCollectionConnectorName)) { $getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postAttributeCollectionConnectorName)'" $params = @{ - "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" + '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" } Write-Verbose -Message "Updating the Post Attribute Collection connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" - Set-MgBetaIdentityB2XUserFlowPostAttributeCollectionByRef -B2xIdentityUserFlowId $currentInstance.Id -BodyParameter $params + Set-MgBetaIdentityB2XUserFlowPostAttributeCollectionByRef -B2XIdentityUserFlowId $currentInstance.Id -BodyParameter $params } #endregion #region Add or Remove Identity Providers on the current instance - $providersToAdd = $IdentityProviders | Where-Object {$_ -notin $currentInstance.IdentityProviders} + $providersToAdd = $IdentityProviders | Where-Object { $_ -notin $currentInstance.IdentityProviders } foreach ($provider in $providersToAdd) { $params = @{ - "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)" + '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)" } Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" @@ -352,7 +352,7 @@ function Set-TargetResource New-MgBetaIdentityB2XUserFlowIdentityProviderByRef -B2XIdentityUserFlowId $currentInstance.Id -BodyParameter $params } - $providersToRemove = $currentInstance.IdentityProviders | Where-Object {$_ -notin $IdentityProviders} + $providersToRemove = $currentInstance.IdentityProviders | Where-Object { $_ -notin $IdentityProviders } foreach ($provider in $providersToRemove) { Write-Verbose -Message "Removing the Identity Provider with Id {$provider} from the Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" @@ -362,7 +362,7 @@ function Set-TargetResource #endregion #region Add, remove or update User Attribute Assignments on the current instance - $attributesToRemove = $currentInstance.UserAttributeAssignments | Where-Object {$_.Id -notin $UserAttributeAssignments.Id} + $attributesToRemove = $currentInstance.UserAttributeAssignments | Where-Object { $_.Id -notin $UserAttributeAssignments.Id } #Remove foreach ($userAttributeAssignment in $attributesToRemove) @@ -376,24 +376,24 @@ function Set-TargetResource foreach ($userAttributeAssignment in $UserAttributeAssignments) { $params = @{ - displayName = $userAttributeAssignment.DisplayName - isOptional = $userAttributeAssignment.IsOptional - userInputType = $userAttributeAssignment.UserInputType + displayName = $userAttributeAssignment.DisplayName + isOptional = $userAttributeAssignment.IsOptional + userInputType = $userAttributeAssignment.UserInputType userAttributeValues = @() } foreach ($userAttributeValue in $userAttributeAssignment.UserAttributeValues) { $params['userAttributeValues'] += @{ - "Name" = $userAttributeValue.Name - "Value" = $userAttributeValue.Value - "IsDefault" = $userAttributeValue.IsDefault + 'Name' = $userAttributeValue.Name + 'Value' = $userAttributeValue.Value + 'IsDefault' = $userAttributeValue.IsDefault } } if ($userAttributeAssignment.Id -notin $currentInstance.UserAttributeAssignments.Id) { - $params["userAttribute"] = @{ + $params['userAttribute'] = @{ id = $userAttributeAssignment.Id } @@ -405,7 +405,7 @@ function Set-TargetResource { Write-Verbose -Message "Updating the User Attribute Assignment with Id {$($userAttributeAssignment.Id)} in the Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" - Update-MgBetaIdentityB2XUserFlowUserAttributeAssignment -B2xIdentityUserFlowId $currentInstance.Id -IdentityUserFlowAttributeAssignmentId $userAttributeAssignment.Id -BodyParameter $params + Update-MgBetaIdentityB2XUserFlowUserAttributeAssignment -B2XIdentityUserFlowId $currentInstance.Id -IdentityUserFlowAttributeAssignmentId $userAttributeAssignment.Id -BodyParameter $params } } #endregion @@ -619,15 +619,15 @@ function Export-TargetResource $displayedKey = $config.Id Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -652,9 +652,9 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserAttributeValues' + Name = 'UserAttributeValues' CimInstanceName = 'MicrosoftGraphuserFlowUserAttributeAssignmentUserAttributeValues' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -679,11 +679,11 @@ function Export-TargetResource -Credential $Credential if ($Results.ApiConnectorConfiguration) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ApiConnectorConfiguration" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ApiConnectorConfiguration' -IsCIMArray:$False } if ($Results.UserAttributeAssignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserAttributeAssignments" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserAttributeAssignments' -IsCIMArray:$True } $dscContent += $currentDSCBlock @@ -708,11 +708,15 @@ function Export-TargetResource } } -function Get-ConnectorName($connectorName) { - if ($null -ne $connectorName) { +function Get-ConnectorName($connectorName) +{ + if ($null -ne $connectorName) + { return $connectorName - } else { - return "" + } + else + { + return '' } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/settings.json index d6df4d957a..def01e9efb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/settings.json @@ -1,29 +1,24 @@ { "resourceName": "AADIdentityB2XUserFlow", "description": "This resource configures an Azure AD Identity B2 X User Flow.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "IdentityUserFlow.Read.All" - } - ], - "update": [ - - ] - }, - "application": { - "read": [ - { - "name": "IdentityUserFlow.Read.All" - } - ], - "update": [ - - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "IdentityUserFlow.Read.All" + } + ], + "update": [] + }, + "application": { + "read": [ + { + "name": "IdentityUserFlow.Read.All" + } + ], + "update": [] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.psm1 index 1995d3719c..1513fd43c8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflow/MSFT_AADIdentityGovernanceLifecycleWorkflow.psm1 @@ -87,7 +87,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } else { @@ -99,27 +99,28 @@ function Get-TargetResource } $instance = Get-MgBetaIdentityGovernanceLifecycleWorkflow -WorkflowId $instance.Id - if($null -ne $instance) { + if ($null -ne $instance) + { $executionConditionsResults = Get-M365DSCIdentityGovernanceWorkflowExecutionConditions -WorkflowId $instance.Id $taskResults = Get-M365DSCIdentityGovernanceTasks -WorkflowId $instance.Id } $results = @{ - DisplayName = $DisplayName; - Description = $instance.Description; - Category = $instance.Category; - IsEnabled = $instance.IsEnabled; - IsSchedulingEnabled = $instance.IsSchedulingEnabled; - Tasks = [Array]$taskResults - ExecutionConditions = $executionConditionsResults - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + DisplayName = $DisplayName + Description = $instance.Description + Category = $instance.Category + IsEnabled = $instance.IsEnabled + IsSchedulingEnabled = $instance.IsSchedulingEnabled + Tasks = [Array]$taskResults + ExecutionConditions = $executionConditionsResults + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } @@ -219,33 +220,38 @@ function Set-TargetResource $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - if ($null -ne $ExecutionConditions){ + if ($null -ne $ExecutionConditions) + { $executionConditionsResult = @{ - Scope = @{ - Rule = $ExecutionConditions.ScopeValue.Rule - "@odata.type" = $ExecutionConditions.ScopeValue.ODataType + Scope = @{ + Rule = $ExecutionConditions.ScopeValue.Rule + '@odata.type' = $ExecutionConditions.ScopeValue.ODataType } - Trigger = @{ - OffsetInDays = $ExecutionConditions.TriggerValue.OffsetInDays + Trigger = @{ + OffsetInDays = $ExecutionConditions.TriggerValue.OffsetInDays TimeBasedAttribute = $ExecutionConditions.TriggerValue.TimeBasedAttribute - "@odata.type" = $ExecutionConditions.TriggerValue.ODataType + '@odata.type' = $ExecutionConditions.TriggerValue.ODataType } - "@odata.type" = $ExecutionConditions.ODataType + '@odata.type' = $ExecutionConditions.ODataType } $setParameters.Remove('ExecutionConditions') $setParameters.Add('executionConditions', $executionConditionsResult) } - if ($null -ne $Tasks) { + if ($null -ne $Tasks) + { $taskList = @() # Loop through each task and create a hashtable - foreach ($task in $Tasks) { + foreach ($task in $Tasks) + { [Array]$argumentsArray = @() - if ($task.Arguments) { - foreach ($arg in $task.Arguments) { + if ($task.Arguments) + { + foreach ($arg in $task.Arguments) + { # Create a hashtable for each argument $argumentsArray += @{ Name = $arg.Name.ToString() @@ -263,7 +269,7 @@ function Set-TargetResource TaskDefinitionId = $task.TaskDefinitionId # If Arguments exist, populate the hashtable - Arguments = [Array]$argumentsArray + Arguments = [Array]$argumentsArray } # Add the task hashtable to the task list @@ -403,7 +409,8 @@ function Test-TargetResource { $testTargetResource = $false } - else { + else + { $ValuesToCheck.Remove($key) | Out-Null } } @@ -413,12 +420,12 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys ` - -IncludedDrifts $driftedParams + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys ` + -IncludedDrifts $driftedParams - if(-not $TestResult) + if (-not $TestResult) { $testTargetResource = $false } @@ -577,17 +584,20 @@ function Get-M365DSCIdentityGovernanceTasks # Initialize an array to hold the hashtables $taskList = @() - if($null -eq $tasks) + if ($null -eq $tasks) { return $taskList } # Loop through each task and create a hashtable - foreach ($task in $tasks) { + foreach ($task in $tasks) + { [Array]$argumentsArray = @() - if ($task.Arguments) { - foreach ($arg in $task.Arguments) { + if ($task.Arguments) + { + foreach ($arg in $task.Arguments) + { # Create a hashtable for each argument $argumentsArray += @{ Name = $arg.Name.ToString() @@ -605,7 +615,7 @@ function Get-M365DSCIdentityGovernanceTasks TaskDefinitionId = $task.TaskDefinitionId # If Arguments exist, populate the hashtable - Arguments = [Array]$argumentsArray + Arguments = [Array]$argumentsArray } # Add the task hashtable to the task list @@ -632,11 +642,11 @@ function Get-M365DSCIdentityGovernanceTasksAsString { $StringContent.Append("`n MSFT_AADIdentityGovernanceTask {`r`n") | Out-Null $StringContent.Append(" DisplayName = '" + $task.DisplayName + "'`r`n") | Out-Null - $StringContent.Append(" Description = '" + $task.Description.replace("'","''") + "'`r`n") | Out-Null + $StringContent.Append(" Description = '" + $task.Description.replace("'", "''") + "'`r`n") | Out-Null $StringContent.Append(" Category = '" + $task.Category + "'`r`n") | Out-Null - $StringContent.Append(" IsEnabled = $" + $task.IsEnabled + "`r`n") | Out-Null - $StringContent.Append(" ExecutionSequence = " + $task.ExecutionSequence + "`r`n") | Out-Null - $StringContent.Append(" ContinueOnError = $" + $task.ContinueOnError + "`r`n") | Out-Null + $StringContent.Append(' IsEnabled = $' + $task.IsEnabled + "`r`n") | Out-Null + $StringContent.Append(' ExecutionSequence = ' + $task.ExecutionSequence + "`r`n") | Out-Null + $StringContent.Append(' ContinueOnError = $' + $task.ContinueOnError + "`r`n") | Out-Null $StringContent.Append(" TaskDefinitionId = '" + $task.TaskDefinitionId + "'`r`n") | Out-Null if ($task.Arguments.Length -gt 0) @@ -675,26 +685,28 @@ function Get-M365DSCIdentityGovernanceWorkflowExecutionConditions $instance = Get-MgBetaIdentityGovernanceLifecycleWorkflow -WorkflowId $WorkflowId $executionConditionsResult = @{} - if($null -ne $instance -and $null -ne $instance.ExecutionConditions){ + if ($null -ne $instance -and $null -ne $instance.ExecutionConditions) + { $executionConditions = $instance.ExecutionConditions.AdditionalProperties $executionConditionsResult = @{ - ScopeValue = @{ - Rule = $ExecutionConditions['scope']['rule'] + ScopeValue = @{ + Rule = $ExecutionConditions['scope']['rule'] OdataType = $ExecutionConditions['scope']['@odata.type'] } TriggerValue = @{ - OffsetInDays = $ExecutionConditions['trigger']['offsetInDays'] + OffsetInDays = $ExecutionConditions['trigger']['offsetInDays'] TimeBasedAttribute = $ExecutionConditions['trigger']['timeBasedAttribute'] - ODataType = $ExecutionConditions['trigger']['@odata.type'] + ODataType = $ExecutionConditions['trigger']['@odata.type'] } - OdataType = $ExecutionConditions['@odata.type'] + OdataType = $ExecutionConditions['@odata.type'] } } return $executionConditionsResult } -function Get-M365DSCIdentityGovernanceWorkflowExecutionConditionsAsString { +function Get-M365DSCIdentityGovernanceWorkflowExecutionConditionsAsString +{ [CmdletBinding()] [OutputType([System.String])] param ( @@ -708,29 +720,32 @@ function Get-M365DSCIdentityGovernanceWorkflowExecutionConditionsAsString { $StringContent.Append("MSFT_IdentityGovernanceWorkflowExecutionConditions {`r`n") | Out-Null # Scope section - if ($null -ne $ExecutionConditions.ScopeValue) { + if ($null -ne $ExecutionConditions.ScopeValue) + { $StringContent.Append(" ScopeValue = MSFT_IdentityGovernanceScope {`r`n") | Out-Null - $StringContent.Append(" Rule = '" + $ExecutionConditions.ScopeValue.Rule.replace("'","''") + "'`r`n") | Out-Null + $StringContent.Append(" Rule = '" + $ExecutionConditions.ScopeValue.Rule.replace("'", "''") + "'`r`n") | Out-Null $StringContent.Append(" ODataType = '" + $ExecutionConditions.ScopeValue.ODataType + "'`r`n") | Out-Null $StringContent.Append(" }`r`n") | Out-Null } # Trigger section - if ($null -ne $ExecutionConditions.TriggerValue) { + if ($null -ne $ExecutionConditions.TriggerValue) + { $StringContent.Append(" TriggerValue = MSFT_IdentityGovernanceTrigger {`r`n") | Out-Null - $StringContent.Append(" OffsetInDays = " + $ExecutionConditions.TriggerValue.OffsetInDays + "`r`n") | Out-Null + $StringContent.Append(' OffsetInDays = ' + $ExecutionConditions.TriggerValue.OffsetInDays + "`r`n") | Out-Null $StringContent.Append(" TimeBasedAttribute = '" + $ExecutionConditions.TriggerValue.TimeBasedAttribute + "'`r`n") | Out-Null $StringContent.Append(" ODataType = '" + $ExecutionConditions.TriggerValue.OdataType + "'`r`n") | Out-Null $StringContent.Append(" }`r`n") | Out-Null } # OdataType for executionConditions - if ($null -ne $ExecutionConditions.ODataType) { + if ($null -ne $ExecutionConditions.ODataType) + { $StringContent.Append(" ODataType = '" + $ExecutionConditions.ODataType + "'`r`n") | Out-Null } # End of execution conditions - $StringContent.Append(" }") | Out-Null + $StringContent.Append(' }') | Out-Null return $StringContent.ToString() } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension/MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension/MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension.psm1 index f607e9aacf..536b10d670 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension/MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension/MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension.psm1 @@ -85,11 +85,11 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Id)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } if ($null -eq $instance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } } else @@ -250,31 +250,31 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $instanceParams = @{ - displayName = $DisplayName - description = $Description - endpointConfiguration = @{ - "@odata.type" = "#microsoft.graph.logicAppTriggerEndpointConfiguration" + displayName = $DisplayName + description = $Description + endpointConfiguration = @{ + '@odata.type' = '#microsoft.graph.logicAppTriggerEndpointConfiguration' subscriptionId = $EndpointConfiguration.subscriptionId resourceGroupName = $EndpointConfiguration.resourceGroupName logicAppWorkflowName = $EndpointConfiguration.logicAppWorkflowName url = $EndpointConfiguration.url } - clientConfiguration = @{ - "@odata.type" = "#microsoft.graph.customExtensionClientConfiguration" + clientConfiguration = @{ + '@odata.type' = '#microsoft.graph.customExtensionClientConfiguration' maximumRetries = $clientConfiguration.maximumRetries timeoutInMilliseconds = $clientConfiguration.timeoutInMilliseconds } authenticationConfiguration = @{ - "@odata.type" = "#microsoft.graph.azureAdPopTokenAuthentication" + '@odata.type' = '#microsoft.graph.azureAdPopTokenAuthentication' } } if ($null -ne $CallbackConfiguration) { $instanceParams.Add('callbackConfiguration', @{ - "@odata.type" = "#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration" - timeoutDuration = $CallbackConfiguration.timeoutDuration - }) + '@odata.type' = '#microsoft.graph.identityGovernance.customTaskExtensionCallbackConfiguration' + timeoutDuration = $CallbackConfiguration.timeoutDuration + }) if ($null -ne $CallbackConfiguration.AuthorizedApps) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceProgram/MSFT_AADIdentityGovernanceProgram.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceProgram/MSFT_AADIdentityGovernanceProgram.psm1 index c23efd0d87..4947911e15 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceProgram/MSFT_AADIdentityGovernanceProgram.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceProgram/MSFT_AADIdentityGovernanceProgram.psm1 @@ -85,7 +85,7 @@ function Get-TargetResource { $getValue = Get-MgBetaProgram ` -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + -ErrorAction SilentlyContinue if ($null -ne $getValue -and $getValue.Count -gt 1) { @@ -103,16 +103,16 @@ function Get-TargetResource Write-Verbose -Message "An Azure AD Identity Governance Program with Id {$Id} and DisplayName {$DisplayName} was found" $results = @{ - Description = $getValue.Description - DisplayName = $getValue.DisplayName - Id = $getValue.Id - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent + Description = $getValue.Description + DisplayName = $getValue.DisplayName + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent } return [System.Collections.Hashtable] $results @@ -395,16 +395,16 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceProgram/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceProgram/readme.md index 35a7c419f5..3992d53fc5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceProgram/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityGovernanceProgram/readme.md @@ -2,4 +2,4 @@ # AADIdentityGovernanceProgram ## Description -Azure AD Identity Governance Program. +Azure AD Identity Governance Program. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 index 0f784d8b15..bdc8f788a7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 @@ -59,7 +59,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProtection/policy" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy' $instance = Invoke-MgGraphRequest -Method Get -Uri $url if ($null -eq $instance) @@ -153,7 +153,7 @@ function Set-TargetResource $updateJSON = ConvertTo-Json $updateParameters Write-Verbose -Message "Updating the AAD Identity Protection Policy settings with values: $updateJSON" - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProtection/policy" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $updateJSON } @@ -283,7 +283,7 @@ function Export-TargetResource { $Script:ExportMode = $true - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProtection/policy" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy' [array] $Script:exportedInstances = Invoke-MgGraphRequest -Method Get -Uri $url $i = 1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/readme.md index 40bedfad33..72cfaec1db 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/readme.md @@ -3,4 +3,4 @@ ## Description -Use this resource to monitor the identity protection policy settings in AAD. +Use this resource to monitor the identity protection policy settings in AAD. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADLifecycleWorkflowSettings/MSFT_AADLifecycleWorkflowSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADLifecycleWorkflowSettings/MSFT_AADLifecycleWorkflowSettings.psm1 index 1dcb3368d5..e348aa04a3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADLifecycleWorkflowSettings/MSFT_AADLifecycleWorkflowSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADLifecycleWorkflowSettings/MSFT_AADLifecycleWorkflowSettings.psm1 @@ -170,7 +170,7 @@ function Set-TargetResource $updateSettings = @{ WorkflowScheduleIntervalInHours = $WorkflowScheduleIntervalInHours - EmailSettings = @{ + EmailSettings = @{ SenderDomain = $SenderDomain UseCompanyBranding = $UseCompanyBranding } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 index afd4aabf68..7a1aab4d46 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 @@ -31,7 +31,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet('clientIpAddress','authenticatorAppGps')] + [ValidateSet('clientIpAddress', 'authenticatorAppGps')] $CountryLookupMethod, [Parameter()] @@ -199,7 +199,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet('clientIpAddress','authenticatorAppGps')] + [ValidateSet('clientIpAddress', 'authenticatorAppGps')] $CountryLookupMethod = 'clientIpAddress', [Parameter()] @@ -315,7 +315,7 @@ function Set-TargetResource Write-Verbose -Message "Creating New AAD Named Location {$Displayname)} with attributes: $VerboseAttributes" $JSONValue = ConvertTo-Json $desiredValues | Out-String Write-Verbose -Message "JSON: $JSONValue" - $APIUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/identity/conditionalAccess/namedLocations" + $APIUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/identity/conditionalAccess/namedLocations' Invoke-MgGraphRequest -Method POST ` -Uri $APIUrl ` -Body $JSONValue | Out-Null @@ -376,7 +376,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet('clientIpAddress','authenticatorAppGps')] + [ValidateSet('clientIpAddress', 'authenticatorAppGps')] $CountryLookupMethod, [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 index 9d9f749d13..4233abf5fa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 @@ -61,7 +61,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } else { @@ -157,44 +157,53 @@ function Set-TargetResource $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters $currentPolicy = Get-MgBetaNetworkAccessForwardingPolicy -Expand * -ErrorAction SilentlyContinue | Where-Object { $_.Name -eq $setParameters.Name } - if ($Name -eq "Custom Bypass") { - foreach ($rule in $currentPolicy.PolicyRules) { + if ($Name -eq 'Custom Bypass') + { + foreach ($rule in $currentPolicy.PolicyRules) + { Remove-MgBetaNetworkAccessForwardingPolicyRule -ForwardingPolicyId $currentPolicy.Id -PolicyRuleId $rule.Id } - foreach ($rule in $setParameters.PolicyRules) { + foreach ($rule in $setParameters.PolicyRules) + { $complexDestinations = @() - foreach ($destination in $rule.Destinations) { + foreach ($destination in $rule.Destinations) + { $complexDestinations += @{ - "@odata.type" = "#microsoft.graph.networkaccess." + $rule.RuleType + '@odata.type' = '#microsoft.graph.networkaccess.' + $rule.RuleType value = $destination } } $params = @{ - "@odata.type" = "#microsoft.graph.networkaccess.internetAccessForwardingRule" - name = $rule.Name - action = $rule.ActionValue - ruleType = $rule.RuleType - ports = ($rule.Ports | ForEach-Object { $_.ToString() }) - protocol = $rule.Protocol - destinations = $complexDestinations + '@odata.type' = '#microsoft.graph.networkaccess.internetAccessForwardingRule' + name = $rule.Name + action = $rule.ActionValue + ruleType = $rule.RuleType + ports = ($rule.Ports | ForEach-Object { $_.ToString() }) + protocol = $rule.Protocol + destinations = $complexDestinations } New-MgBetaNetworkAccessForwardingPolicyRule -ForwardingPolicyId $currentPolicy.Id -BodyParameter $params } - } elseif ($currentPolicy.TrafficForwardingType -eq "m365") { + } + elseif ($currentPolicy.TrafficForwardingType -eq 'm365') + { $rulesParam = @() - foreach ($desiredRule in $setParameters.PolicyRules) { + foreach ($desiredRule in $setParameters.PolicyRules) + { $desiredRuleHashtable = Convert-M365DSCDRGComplexTypeToHashtable $desiredRule $desiredRuleHashtable.Remove('actionValue') $testResult = $false - foreach ($currentRule in $currentPolicy.PolicyRules) { + foreach ($currentRule in $currentPolicy.PolicyRules) + { $currentRuleHashtable = Get-MicrosoftGraphNetworkAccessForwardingPolicyRules -PolicyRules @($currentRule) - $currentRuleHashtable.Remove('ActionValue'); + $currentRuleHashtable.Remove('ActionValue') $testResult = Compare-M365DSCComplexObject ` - -Source ($currentRuleHashtable) ` - -Target ($desiredRuleHashtable) - if ($testResult) { + -Source ($currentRuleHashtable) ` + -Target ($desiredRuleHashtable) + if ($testResult) + { Write-Verbose "Updating: $($currentRule.Name), $($currentRule.Id)" $rulesParam += @{ ruleId = $currentRule.Id @@ -203,7 +212,8 @@ function Set-TargetResource break } } - if($testResult -eq $false){ + if ($testResult -eq $false) + { Write-Verbose "Could not find rule with the given specification: $(Convert-M365DscHashtableToString -Hashtable $desiredRuleHashtable), skipping set for this." } } @@ -213,7 +223,8 @@ function Set-TargetResource Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/networkAccess/forwardingPolicies/$($currentPolicy.ID)/updatePolicyRules") -Method Post -Body $updateParams } - else { + else + { Write-Verbose "Can not modify the list of poilicy rules for the forwarding policy with name: $($setParameters.Name)" } } @@ -292,7 +303,8 @@ function Test-TargetResource { $testTargetResource = $false } - else { + else + { $ValuesToCheck.Remove($key) | Out-Null } } @@ -302,12 +314,12 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys ` - -IncludedDrifts $driftedParams + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys ` + -IncludedDrifts $driftedParams - if(-not $TestResult) + if (-not $TestResult) { $testTargetResource = $false } @@ -417,11 +429,11 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($null -ne $Results.PolicyRules) - { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'PolicyRules' - } + if ($null -ne $Results.PolicyRules) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` + -ParameterName 'PolicyRules' + } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -456,17 +468,19 @@ function Get-MicrosoftGraphNetworkAccessForwardingPolicyRules ) $newPolicyRules = @() - foreach ($rule in $PolicyRules) { + foreach ($rule in $PolicyRules) + { $destinations = @() - foreach ($destination in $rule.AdditionalProperties.destinations) { + foreach ($destination in $rule.AdditionalProperties.destinations) + { $destinations += $destination.value } $newPolicyRules += @{ - Name = $rule.Name - ActionValue = $rule.AdditionalProperties.action - RuleType = $rule.AdditionalProperties.ruleType - Ports = $rule.AdditionalProperties.ports - Protocol = $rule.AdditionalProperties.protocol + Name = $rule.Name + ActionValue = $rule.AdditionalProperties.action + RuleType = $rule.AdditionalProperties.ruleType + Ports = $rule.AdditionalProperties.ports + Protocol = $rule.AdditionalProperties.protocol Destinations = $destinations } } @@ -494,8 +508,8 @@ function Get-MicrosoftGraphNetworkAccessForwardingPolicyRulesAsString $StringContent.Append(" ActionValue = '" + $rule.ActionValue + "'`r`n") | Out-Null $StringContent.Append(" RuleType = '" + $rule.RuleType + "'`r`n") | Out-Null $StringContent.Append(" Protocol = '" + $rule.Protocol + "'`r`n") | Out-Null - $StringContent.Append(" Ports = @(" + $($rule.Ports -join ", ") + ")`r`n") | Out-Null - $StringContent.Append(" Destinations = @(" + $(($rule.Destinations | ForEach-Object { "'$_'" }) -join ", ") + ")`r`n") | Out-Null + $StringContent.Append(' Ports = @(' + $($rule.Ports -join ', ') + ")`r`n") | Out-Null + $StringContent.Append(' Destinations = @(' + $(($rule.Destinations | ForEach-Object { "'$_'" }) -join ', ') + ")`r`n") | Out-Null $StringContent.Append(" }`r`n") | Out-Null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingProfile/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingProfile/settings.json index 4a473ad41b..8f523eeac6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingProfile/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingProfile/settings.json @@ -1,4 +1,3 @@ - { "resourceName": "AADNetworkAccessForwardingProfile", "description": "This resource configures an Azure AD Network Access Forwarding Profile.", diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessSettingConditionalAccess/MSFT_AADNetworkAccessSettingConditionalAccess.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessSettingConditionalAccess/MSFT_AADNetworkAccessSettingConditionalAccess.psm1 index e95c5f25b9..60f3f7faa9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessSettingConditionalAccess/MSFT_AADNetworkAccessSettingConditionalAccess.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessSettingConditionalAccess/MSFT_AADNetworkAccessSettingConditionalAccess.psm1 @@ -59,17 +59,17 @@ function Get-TargetResource $nullResult = $PSBoundParameters try { - $instance = Get-MgBetaNetworkAccessSettingCOnditionalAccess + $instance = Get-MgBetaNetworkAccessSettingConditionalAccess $results = @{ - IsSingleInstance = 'Yes' - SignalingStatus = $instance.SignalingStatus - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + IsSingleInstance = 'Yes' + SignalingStatus = $instance.SignalingStatus + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } @@ -143,7 +143,7 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Updating the Conditional Access Settings" + Write-Verbose -Message 'Updating the Conditional Access Settings' Update-MgBetaNetworkAccessSettingConditionalAccess -SignalingStatus $SignalingStatus } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessSettingCrossTenantAccess/MSFT_AADNetworkAccessSettingCrossTenantAccess.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessSettingCrossTenantAccess/MSFT_AADNetworkAccessSettingCrossTenantAccess.psm1 index a86d6e2efc..ac2645f8ee 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessSettingCrossTenantAccess/MSFT_AADNetworkAccessSettingCrossTenantAccess.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessSettingCrossTenantAccess/MSFT_AADNetworkAccessSettingCrossTenantAccess.psm1 @@ -143,7 +143,7 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Updating the Cross Tenant Access Settings" + Write-Verbose -Message 'Updating the Cross Tenant Access Settings' Update-MgBetaNetworkAccessSettingCrossTenantAccess -NetworkPacketTaggingStatus $NetworkPacketTaggingStatus } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 index 8f6b2b07e9..87c5b715b6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 @@ -299,16 +299,16 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results + -Results $Results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName + -FileName $Global:PartialExportFileName Write-Host $Global:M365DSCEmojiGreenCheckMark return $dscContent } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 index 0d795c2970..f0bb93c5de 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 @@ -72,10 +72,10 @@ function Get-TargetResource #region resource generator code # This GUID is ALWAYS fixed as per the documentation. - $CertificateBasedAuthConfigurationId = "29728ade-6ae4-4ee9-9103-412912537da5" + $CertificateBasedAuthConfigurationId = '29728ade-6ae4-4ee9-9103-412912537da5' $getValue = Get-MgBetaOrganizationCertificateBasedAuthConfiguration ` -CertificateBasedAuthConfigurationId $CertificateBasedAuthConfigurationId ` - -OrganizationId $OrganizationId -ErrorAction SilentlyContinue + -OrganizationId $OrganizationId -ErrorAction SilentlyContinue #endregion if ($null -eq $getValue) @@ -96,7 +96,7 @@ function Get-TargetResource $myCertificateAuthorities.Add('CertificateRevocationListUrl', $currentCertificateAuthorities.certificateRevocationListUrl) $myCertificateAuthorities.Add('DeltaCertificateRevocationListUrl', $currentCertificateAuthorities.deltaCertificateRevocationListUrl) $myCertificateAuthorities.Add('IsRootAuthority', $currentCertificateAuthorities.isRootAuthority) - if ($myCertificateAuthorities.values.Where({$null -ne $_}).Count -gt 0) + if ($myCertificateAuthorities.values.Where({ $null -ne $_ }).Count -gt 0) { $complexCertificateAuthorities += $myCertificateAuthorities } @@ -197,10 +197,10 @@ function Set-TargetResource $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters # This GUID is ALWAYS fixed as per the documentation. - $CertificateBasedAuthConfigurationId = "29728ade-6ae4-4ee9-9103-412912537da5" + $CertificateBasedAuthConfigurationId = '29728ade-6ae4-4ee9-9103-412912537da5' # Delete the old configuration - Write-Verbose -Message "Removing the current Azure AD Organization Certificate Based Auth Configuration." + Write-Verbose -Message 'Removing the current Azure AD Organization Certificate Based Auth Configuration.' Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/$CertificateBasedAuthConfigurationId") -Method DELETE if ($Ensure -eq 'Present') @@ -215,10 +215,10 @@ function Set-TargetResource foreach ($CertificateAuthority in $CertificateAuthorities) { $createCertAuthorities += @{ - certificate = $CertificateAuthority.Certificate - certificateRevocationListUrl = $CertificateAuthority.CertificateRevocationListUrl + certificate = $CertificateAuthority.Certificate + certificateRevocationListUrl = $CertificateAuthority.CertificateRevocationListUrl deltaCertificateRevocationListUrl = $CertificateAuthority.DeltaCertificateRevocationListUrl - isRootAuthority = $CertificateAuthority.IsRootAuthority + isRootAuthority = $CertificateAuthority.IsRootAuthority } } $params = @{ @@ -292,7 +292,7 @@ function Test-TargetResource #endregion # This GUID is ALWAYS fixed as per the documentation. - $CertificateBasedAuthConfigurationId = "29728ade-6ae4-4ee9-9103-412912537da5" + $CertificateBasedAuthConfigurationId = '29728ade-6ae4-4ee9-9103-412912537da5' Write-Verbose -Message "Testing configuration of the Azure AD Organization Certificate Based Auth Configuration with Id {$CertificateBasedAuthConfigurationId}" @@ -402,7 +402,7 @@ function Export-TargetResource try { # This GUID is ALWAYS fixed as per the documentation. - $CertificateBasedAuthConfigurationId = "29728ade-6ae4-4ee9-9103-412912537da5" + $CertificateBasedAuthConfigurationId = '29728ade-6ae4-4ee9-9103-412912537da5' $getValue = Get-MgBetaOrganization $i = 1 @@ -420,15 +420,15 @@ function Export-TargetResource $displayedKey = "CertificateBasedAuthConfigurations for $($getValue.DisplayName)" Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Ensure = 'Present' - OrganizationId = $getValue.Id - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Ensure = 'Present' + OrganizationId = $getValue.Id + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -456,7 +456,7 @@ function Export-TargetResource -Credential $Credential if ($Results.CertificateAuthorities) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "CertificateAuthorities" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'CertificateAuthorities' -IsCIMArray:$True } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/settings.json index df50b61fde..2f7db469f5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/settings.json @@ -1,29 +1,24 @@ { "resourceName": "AADOrganizationCertificateBasedAuthConfiguration", "description": "This resource configures an Azure AD Organization Certificate Based Auth Configuration.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Organization.Read.All" - } - ], - "update": [ - - ] - }, - "application": { - "read": [ - { - "name": "Organization.Read.All" - } - ], - "update": [ - - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Organization.Read.All" + } + ], + "update": [] + }, + "application": { + "read": [ + { + "name": "Organization.Read.All" + } + ], + "update": [] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.psm1 index 4c4d286efe..63db0e8e82 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.psm1 @@ -97,29 +97,29 @@ function Get-TargetResource else { Write-Verbose -Message 'Found existing AzureAD DirectorySetting for Password Rule Settings' - $valueBannedPasswordCheckOnPremisesMode = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'BannedPasswordCheckOnPremisesMode'} - $valueEnableBannedPasswordCheckOnPremises = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'EnableBannedPasswordCheckOnPremises'} - $valueEnableBannedPasswordCheck = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'EnableBannedPasswordCheck'} - $valueLockoutDurationInSeconds = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'LockoutDurationInSeconds'} - $valueLockoutThreshold = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'LockoutThreshold'} - $valueBannedPasswordList = $Policy.Values | Where-Object -FilterScript {$_.Name -eq 'BannedPasswordList'} + $valueBannedPasswordCheckOnPremisesMode = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'BannedPasswordCheckOnPremisesMode' } + $valueEnableBannedPasswordCheckOnPremises = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableBannedPasswordCheckOnPremises' } + $valueEnableBannedPasswordCheck = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableBannedPasswordCheck' } + $valueLockoutDurationInSeconds = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'LockoutDurationInSeconds' } + $valueLockoutThreshold = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'LockoutThreshold' } + $valueBannedPasswordList = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'BannedPasswordList' } $result = @{ - IsSingleInstance = 'Yes' + IsSingleInstance = 'Yes' BannedPasswordCheckOnPremisesMode = $valueBannedPasswordCheckOnPremisesMode.Value EnableBannedPasswordCheckOnPremises = [Boolean]::Parse($valueEnableBannedPasswordCheckOnPremises.Value) EnableBannedPasswordCheck = [Boolean]::Parse($valueEnableBannedPasswordCheck.Value) LockoutDurationInSeconds = $valueLockoutDurationInSeconds.Value LockoutThreshold = $valueLockoutThreshold.Value BannedPasswordList = $valueBannedPasswordList.Value -split "`t" # list is tab-delimited - Ensure = 'Present' - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Credential = $Credential - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Credential = $Credential + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -241,32 +241,32 @@ function Set-TargetResource { if ($property.Name -eq 'LockoutThreshold') { - $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq $property.Name } $entry.Value = $LockoutThreshold } elseif ($property.Name -eq 'LockoutDurationInSeconds') { - $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq $property.Name } $entry.Value = $LockoutDurationInSeconds } elseif ($property.Value -eq 'EnableBannedPasswordCheck') { - $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq $property.Name } $entry.Value = [System.Boolean]$EnableBannedPasswordCheck } elseif ($property.Value -eq 'BannedPasswordList') { - $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq $property.Name } $entry.Value = $BannedPasswordList -join "`t" } elseif ($property.Value -eq 'EnableBannedPasswordCheckOnPremises') { - $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq $property.Name } $entry.Value = [System.Boolean]$EnableBannedPasswordCheckOnPremises } elseif ($property.Value -eq 'BannedPasswordCheckOnPremisesMode') { - $entry = $Policy.Values | Where-Object -FilterScript {$_.Name -eq $property.Name} + $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq $property.Name } $entry.Value = $BannedPasswordCheckOnPremisesMode } $index++ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 index ee4831624e..d18a49b234 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 @@ -80,7 +80,8 @@ function Get-TargetResource $getValue = $null #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) { + if (-not [System.String]::IsNullOrEmpty($Id)) + { $getValue = Get-MgBetaNetworkAccessConnectivityRemoteNetwork -RemoteNetworkId $Id -ErrorAction SilentlyContinue } @@ -104,7 +105,8 @@ function Get-TargetResource #region resource generator code $forwardingProfilesList = @() - foreach ($forwardingProfile in $getValue.ForwardingProfiles) { + foreach ($forwardingProfile in $getValue.ForwardingProfiles) + { $forwardingProfilesList += $forwardingProfile.Name } @@ -112,18 +114,18 @@ function Get-TargetResource #endregion $results = @{ - Id = $getValue.Id - Name = $getValue.Name - Region = $getValue.Region - ForwardingProfiles = [Array]$forwardingProfilesList - DeviceLinks = [Array]$complexDeviceLinks - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent + Id = $getValue.Id + Name = $getValue.Name + Region = $getValue.Region + ForwardingProfiles = [Array]$forwardingProfilesList + DeviceLinks = [Array]$complexDeviceLinks + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent } return [System.Collections.Hashtable] $results @@ -223,7 +225,8 @@ function Set-TargetResource #creating the forwarding policies list by getting the ids $allForwardingProfiles = Get-MgBetaNetworkAccessForwardingProfile $forwardingProfilesList = @() - foreach ($profileName in $BoundParameters.ForwardingProfiles) { + foreach ($profileName in $BoundParameters.ForwardingProfiles) + { $matchedProfile = $allForwardingProfiles | Where-Object { $_.Name -eq $profileName } $forwardingProfilesList += @{ id = $matchedProfile.Id @@ -234,9 +237,9 @@ function Set-TargetResource { Write-Verbose -Message "Creating an Azure AD Remote Network with Name {$Name}" $params = @{ - name = $BoundParameters.Name - region = $BoundParameters.Region - deviceLinks = [Array]$deviceLinksHashtable + name = $BoundParameters.Name + region = $BoundParameters.Region + deviceLinks = [Array]$deviceLinksHashtable forwardingProfiles = [Array]$forwardingProfilesList } @@ -248,27 +251,30 @@ function Set-TargetResource $currentRemoteNetwork = Get-MgBetaNetworkAccessConnectivityRemoteNetwork -RemoteNetworkId $currentInstance.Id #removing the old device links - foreach ($deviceLinkItem in $currentRemoteNetwork.DeviceLinks) { + foreach ($deviceLinkItem in $currentRemoteNetwork.DeviceLinks) + { Remove-MgBetaNetworkAccessConnectivityRemoteNetworkDeviceLink -RemoteNetworkId $currentInstance.Id -DeviceLinkId $deviceLinkItem.Id } # updating the list of device links - foreach ($deviceLinkItem in $deviceLinksHashtable) { + foreach ($deviceLinkItem in $deviceLinksHashtable) + { Write-Verbose "Device Link Hashtable: $deviceLinksItem" New-MgBetaNetworkAccessConnectivityRemoteNetworkDeviceLink -RemoteNetworkId $currentInstance.Id -BodyParameter $deviceLinkItem } # removing forwarding profiles $params = @{ - "@context" = '#$delta' - value = @(@{}) + '@context' = '#$delta' + value = @(@{}) } Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params #adding forwarding profiles if required - if ($forwardingProfilesList.Count -gt 0) { + if ($forwardingProfilesList.Count -gt 0) + { $params = @{ - "@context" = '#$delta' - value = $forwardingProfilesList + '@context' = '#$delta' + value = $forwardingProfilesList } Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params } @@ -491,16 +497,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - Name = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + Name = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -520,7 +526,7 @@ function Export-TargetResource if ($Results.DeviceLinks) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DeviceLinks" + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DeviceLinks' } $dscContent += $currentDSCBlock @@ -545,7 +551,8 @@ function Export-TargetResource } } -function Get-MicrosoftGraphRemoteNetworkDeviceLinksHashtable { +function Get-MicrosoftGraphRemoteNetworkDeviceLinksHashtable +{ [CmdletBinding()] [OutputType([System.Collections.ArrayList])] param ( @@ -556,64 +563,139 @@ function Get-MicrosoftGraphRemoteNetworkDeviceLinksHashtable { $newDeviceLinks = @() - foreach ($deviceLink in $DeviceLinks) { + foreach ($deviceLink in $DeviceLinks) + { $newDeviceLink = @{} # Add main properties only if they are not null - if ($deviceLink.Name) { $newDeviceLink["Name"] = $deviceLink.Name } - if ($deviceLink.IpAddress) { $newDeviceLink["IPAddress"] = $deviceLink.IpAddress } - if ($deviceLink.BandwidthCapacityInMbps) { $newDeviceLink["BandwidthCapacityInMbps"] = $deviceLink.BandwidthCapacityInMbps } - if ($deviceLink.DeviceVendor) { $newDeviceLink["DeviceVendor"] = $deviceLink.DeviceVendor } + if ($deviceLink.Name) + { + $newDeviceLink['Name'] = $deviceLink.Name + } + if ($deviceLink.IpAddress) + { + $newDeviceLink['IPAddress'] = $deviceLink.IpAddress + } + if ($deviceLink.BandwidthCapacityInMbps) + { + $newDeviceLink['BandwidthCapacityInMbps'] = $deviceLink.BandwidthCapacityInMbps + } + if ($deviceLink.DeviceVendor) + { + $newDeviceLink['DeviceVendor'] = $deviceLink.DeviceVendor + } # BGP Configuration - if ($deviceLink.BgpConfiguration) { + if ($deviceLink.BgpConfiguration) + { $bgpConfig = @{} - if ($deviceLink.BgpConfiguration.Asn) { $bgpConfig["Asn"] = $deviceLink.BgpConfiguration.Asn } - if ($deviceLink.BgpConfiguration.LocalIPAddress) { $bgpConfig["LocalIPAddress"] = $deviceLink.BgpConfiguration.LocalIPAddress } - if ($deviceLink.BgpConfiguration.PeerIPAddress) { $bgpConfig["PeerIPAddress"] = $deviceLink.BgpConfiguration.PeerIPAddress } + if ($deviceLink.BgpConfiguration.Asn) + { + $bgpConfig['Asn'] = $deviceLink.BgpConfiguration.Asn + } + if ($deviceLink.BgpConfiguration.LocalIPAddress) + { + $bgpConfig['LocalIPAddress'] = $deviceLink.BgpConfiguration.LocalIPAddress + } + if ($deviceLink.BgpConfiguration.PeerIPAddress) + { + $bgpConfig['PeerIPAddress'] = $deviceLink.BgpConfiguration.PeerIPAddress + } - if ($bgpConfig.Count -gt 0) { $newDeviceLink["BgpConfiguration"] = $bgpConfig } + if ($bgpConfig.Count -gt 0) + { + $newDeviceLink['BgpConfiguration'] = $bgpConfig + } } # Redundancy Configuration - if ($deviceLink.RedundancyConfiguration) { + if ($deviceLink.RedundancyConfiguration) + { $redundancyConfig = @{} - if ($deviceLink.RedundancyConfiguration.RedundancyTier) { $redundancyConfig["RedundancyTier"] = $deviceLink.RedundancyConfiguration.RedundancyTier } - if ($deviceLink.RedundancyConfiguration.ZoneLocalIPAddress) { $redundancyConfig["ZoneLocalIPAddress"] = $deviceLink.RedundancyConfiguration.ZoneLocalIPAddress } + if ($deviceLink.RedundancyConfiguration.RedundancyTier) + { + $redundancyConfig['RedundancyTier'] = $deviceLink.RedundancyConfiguration.RedundancyTier + } + if ($deviceLink.RedundancyConfiguration.ZoneLocalIPAddress) + { + $redundancyConfig['ZoneLocalIPAddress'] = $deviceLink.RedundancyConfiguration.ZoneLocalIPAddress + } - if ($redundancyConfig.Count -gt 0) { $newDeviceLink["RedundancyConfiguration"] = $redundancyConfig } + if ($redundancyConfig.Count -gt 0) + { + $newDeviceLink['RedundancyConfiguration'] = $redundancyConfig + } } # Tunnel Configuration - if ($deviceLink.TunnelConfiguration) { + if ($deviceLink.TunnelConfiguration) + { $tunnelConfig = @{} - if ($deviceLink.TunnelConfiguration.PreSharedKey) { $tunnelConfig["PreSharedKey"] = $deviceLink.TunnelConfiguration.PreSharedKey } - if ($deviceLink.TunnelConfiguration.ZoneRedundancyPreSharedKey) { $tunnelConfig["ZoneRedundancyPreSharedKey"] = $deviceLink.TunnelConfiguration.ZoneRedundancyPreSharedKey } + if ($deviceLink.TunnelConfiguration.PreSharedKey) + { + $tunnelConfig['PreSharedKey'] = $deviceLink.TunnelConfiguration.PreSharedKey + } + if ($deviceLink.TunnelConfiguration.ZoneRedundancyPreSharedKey) + { + $tunnelConfig['ZoneRedundancyPreSharedKey'] = $deviceLink.TunnelConfiguration.ZoneRedundancyPreSharedKey + } # Additional Properties - if ($deviceLink.TunnelConfiguration.AdditionalProperties) { - if ($deviceLink.TunnelConfiguration.AdditionalProperties.saLifeTimeSeconds) { $tunnelConfig["SaLifeTimeSeconds"] = $deviceLink.TunnelConfiguration.AdditionalProperties.saLifeTimeSeconds } - if ($deviceLink.TunnelConfiguration.AdditionalProperties.ipSecEncryption) { $tunnelConfig["IPSecEncryption"] = $deviceLink.TunnelConfiguration.AdditionalProperties.ipSecEncryption } - if ($deviceLink.TunnelConfiguration.AdditionalProperties.ipSecIntegrity) { $tunnelConfig["IPSecIntegrity"] = $deviceLink.TunnelConfiguration.AdditionalProperties.ipSecIntegrity } - if ($deviceLink.TunnelConfiguration.AdditionalProperties.ikeEncryption) { $tunnelConfig["IKEEncryption"] = $deviceLink.TunnelConfiguration.AdditionalProperties.ikeEncryption } - if ($deviceLink.TunnelConfiguration.AdditionalProperties.ikeIntegrity) { $tunnelConfig["IKEIntegrity"] = $deviceLink.TunnelConfiguration.AdditionalProperties.ikeIntegrity } - if ($deviceLink.TunnelConfiguration.AdditionalProperties.dhGroup) { $tunnelConfig["DHGroup"] = $deviceLink.TunnelConfiguration.AdditionalProperties.dhGroup } - if ($deviceLink.TunnelConfiguration.AdditionalProperties.pfsGroup) { $tunnelConfig["PFSGroup"] = $deviceLink.TunnelConfiguration.AdditionalProperties.pfsGroup } - if ($deviceLink.TunnelConfiguration.AdditionalProperties["@odata.type"]) { $tunnelConfig["ODataType"] = $deviceLink.TunnelConfiguration.AdditionalProperties["@odata.type"] } - } - - if ($tunnelConfig.Count -gt 0) { $newDeviceLink["TunnelConfiguration"] = $tunnelConfig } + if ($deviceLink.TunnelConfiguration.AdditionalProperties) + { + if ($deviceLink.TunnelConfiguration.AdditionalProperties.saLifeTimeSeconds) + { + $tunnelConfig['SaLifeTimeSeconds'] = $deviceLink.TunnelConfiguration.AdditionalProperties.saLifeTimeSeconds + } + if ($deviceLink.TunnelConfiguration.AdditionalProperties.ipSecEncryption) + { + $tunnelConfig['IPSecEncryption'] = $deviceLink.TunnelConfiguration.AdditionalProperties.ipSecEncryption + } + if ($deviceLink.TunnelConfiguration.AdditionalProperties.ipSecIntegrity) + { + $tunnelConfig['IPSecIntegrity'] = $deviceLink.TunnelConfiguration.AdditionalProperties.ipSecIntegrity + } + if ($deviceLink.TunnelConfiguration.AdditionalProperties.ikeEncryption) + { + $tunnelConfig['IKEEncryption'] = $deviceLink.TunnelConfiguration.AdditionalProperties.ikeEncryption + } + if ($deviceLink.TunnelConfiguration.AdditionalProperties.ikeIntegrity) + { + $tunnelConfig['IKEIntegrity'] = $deviceLink.TunnelConfiguration.AdditionalProperties.ikeIntegrity + } + if ($deviceLink.TunnelConfiguration.AdditionalProperties.dhGroup) + { + $tunnelConfig['DHGroup'] = $deviceLink.TunnelConfiguration.AdditionalProperties.dhGroup + } + if ($deviceLink.TunnelConfiguration.AdditionalProperties.pfsGroup) + { + $tunnelConfig['PFSGroup'] = $deviceLink.TunnelConfiguration.AdditionalProperties.pfsGroup + } + if ($deviceLink.TunnelConfiguration.AdditionalProperties['@odata.type']) + { + $tunnelConfig['ODataType'] = $deviceLink.TunnelConfiguration.AdditionalProperties['@odata.type'] + } + } + + if ($tunnelConfig.Count -gt 0) + { + $newDeviceLink['TunnelConfiguration'] = $tunnelConfig + } } # Add the device link to the collection if it has any properties - if ($newDeviceLink.Count -gt 0) { $newDeviceLinks += $newDeviceLink } + if ($newDeviceLink.Count -gt 0) + { + $newDeviceLinks += $newDeviceLink + } } return $newDeviceLinks } -function Get-MicrosoftGraphRemoteNetworkDeviceLinksHashtableAsString { +function Get-MicrosoftGraphRemoteNetworkDeviceLinksHashtableAsString +{ [CmdletBinding()] [OutputType([System.String])] param ( @@ -625,49 +707,119 @@ function Get-MicrosoftGraphRemoteNetworkDeviceLinksHashtableAsString { $StringContent = [System.Text.StringBuilder]::new() $StringContent.Append('@(') | Out-Null - foreach ($deviceLink in $DeviceLinks) { + foreach ($deviceLink in $DeviceLinks) + { $StringContent.Append("`n MSFT_AADRemoteNetworkDeviceLink {`r`n") | Out-Null # Append main properties if not null - if ($deviceLink.Name) { $StringContent.Append(" Name = '" + $deviceLink.Name + "'`r`n") | Out-Null } - if ($deviceLink.IPAddress) { $StringContent.Append(" IPAddress = '" + $deviceLink.IPAddress + "'`r`n") | Out-Null } - if ($deviceLink.BandwidthCapacityInMbps) { $StringContent.Append(" BandwidthCapacityInMbps = '" + $deviceLink.BandwidthCapacityInMbps + "'`r`n") | Out-Null } - if ($deviceLink.DeviceVendor) { $StringContent.Append(" DeviceVendor = '" + $deviceLink.DeviceVendor + "'`r`n") | Out-Null } + if ($deviceLink.Name) + { + $StringContent.Append(" Name = '" + $deviceLink.Name + "'`r`n") | Out-Null + } + if ($deviceLink.IPAddress) + { + $StringContent.Append(" IPAddress = '" + $deviceLink.IPAddress + "'`r`n") | Out-Null + } + if ($deviceLink.BandwidthCapacityInMbps) + { + $StringContent.Append(" BandwidthCapacityInMbps = '" + $deviceLink.BandwidthCapacityInMbps + "'`r`n") | Out-Null + } + if ($deviceLink.DeviceVendor) + { + $StringContent.Append(" DeviceVendor = '" + $deviceLink.DeviceVendor + "'`r`n") | Out-Null + } # BGP Configuration - if ($deviceLink.BgpConfiguration) { + if ($deviceLink.BgpConfiguration) + { $bgpConfigAdded = $false $StringContent.Append(" BgpConfiguration = MSFT_AADRemoteNetworkDeviceLinkbgpConfiguration {`r`n") | Out-Null - if ($deviceLink.BgpConfiguration.Asn) { $StringContent.Append(" Asn = " + $deviceLink.BgpConfiguration.Asn + "`r`n") | Out-Null; $bgpConfigAdded = $true } - if ($deviceLink.BgpConfiguration.LocalIPAddress) { $StringContent.Append(" LocalIPAddress = '" + $deviceLink.BgpConfiguration.LocalIPAddress + "'`r`n") | Out-Null; $bgpConfigAdded = $true } - if ($deviceLink.BgpConfiguration.PeerIPAddress) { $StringContent.Append(" PeerIPAddress = '" + $deviceLink.BgpConfiguration.PeerIPAddress + "'`r`n") | Out-Null; $bgpConfigAdded = $true } - if ($bgpConfigAdded) { $StringContent.Append(" }`r`n") | Out-Null } + if ($deviceLink.BgpConfiguration.Asn) + { + $StringContent.Append(' Asn = ' + $deviceLink.BgpConfiguration.Asn + "`r`n") | Out-Null; $bgpConfigAdded = $true + } + if ($deviceLink.BgpConfiguration.LocalIPAddress) + { + $StringContent.Append(" LocalIPAddress = '" + $deviceLink.BgpConfiguration.LocalIPAddress + "'`r`n") | Out-Null; $bgpConfigAdded = $true + } + if ($deviceLink.BgpConfiguration.PeerIPAddress) + { + $StringContent.Append(" PeerIPAddress = '" + $deviceLink.BgpConfiguration.PeerIPAddress + "'`r`n") | Out-Null; $bgpConfigAdded = $true + } + if ($bgpConfigAdded) + { + $StringContent.Append(" }`r`n") | Out-Null + } } # Redundancy Configuration - if ($deviceLink.RedundancyConfiguration) { + if ($deviceLink.RedundancyConfiguration) + { $redundancyConfigAdded = $false $StringContent.Append(" RedundancyConfiguration = MSFT_AADRemoteNetworkDeviceLinkRedundancyConfiguration {`r`n") | Out-Null - if ($deviceLink.RedundancyConfiguration.RedundancyTier) { $StringContent.Append(" RedundancyTier = '" + $deviceLink.RedundancyConfiguration.RedundancyTier + "'`r`n") | Out-Null; $redundancyConfigAdded = $true } - if ($deviceLink.RedundancyConfiguration.ZoneLocalIPAddress) { $StringContent.Append(" ZoneLocalIPAddress = '" + $deviceLink.RedundancyConfiguration.ZoneLocalIPAddress + "'`r`n") | Out-Null; $redundancyConfigAdded = $true } - if ($redundancyConfigAdded) { $StringContent.Append(" }`r`n") | Out-Null } + if ($deviceLink.RedundancyConfiguration.RedundancyTier) + { + $StringContent.Append(" RedundancyTier = '" + $deviceLink.RedundancyConfiguration.RedundancyTier + "'`r`n") | Out-Null; $redundancyConfigAdded = $true + } + if ($deviceLink.RedundancyConfiguration.ZoneLocalIPAddress) + { + $StringContent.Append(" ZoneLocalIPAddress = '" + $deviceLink.RedundancyConfiguration.ZoneLocalIPAddress + "'`r`n") | Out-Null; $redundancyConfigAdded = $true + } + if ($redundancyConfigAdded) + { + $StringContent.Append(" }`r`n") | Out-Null + } } # Tunnel Configuration - if ($deviceLink.TunnelConfiguration) { + if ($deviceLink.TunnelConfiguration) + { $tunnelConfigAdded = $false $StringContent.Append(" TunnelConfiguration = MSFT_AADRemoteNetworkDeviceLinkTunnelConfiguration {`r`n") | Out-Null - if ($deviceLink.TunnelConfiguration.PreSharedKey) { $StringContent.Append(" PreSharedKey = '" + $deviceLink.TunnelConfiguration.PreSharedKey + "'`r`n") | Out-Null; $tunnelConfigAdded = $true } - if ($deviceLink.TunnelConfiguration.ZoneRedundancyPreSharedKey) { $StringContent.Append(" ZoneRedundancyPreSharedKey = '" + $deviceLink.TunnelConfiguration.ZoneRedundancyPreSharedKey + "'`r`n") | Out-Null; $tunnelConfigAdded = $true } - if ($deviceLink.TunnelConfiguration.SaLifeTimeSeconds) { $StringContent.Append(" SaLifeTimeSeconds = " + $deviceLink.TunnelConfiguration.SaLifeTimeSeconds + "`r`n") | Out-Null; $tunnelConfigAdded = $true } - if ($deviceLink.TunnelConfiguration.IpSecEncryption) { $StringContent.Append(" IPSecEncryption = '" + $deviceLink.TunnelConfiguration.IpSecEncryption + "'`r`n") | Out-Null; $tunnelConfigAdded = $true } - if ($deviceLink.TunnelConfiguration.IpSecIntegrity) { $StringContent.Append(" IPSecIntegrity = '" + $deviceLink.TunnelConfiguration.IpSecIntegrity + "'`r`n") | Out-Null; $tunnelConfigAdded = $true } - if ($deviceLink.TunnelConfiguration.IkeEncryption) { $StringContent.Append(" IKEEncryption = '" + $deviceLink.TunnelConfiguration.IkeEncryption + "'`r`n") | Out-Null; $tunnelConfigAdded = $true } - if ($deviceLink.TunnelConfiguration.IkeIntegrity) { $StringContent.Append(" IKEIntegrity = '" + $deviceLink.TunnelConfiguration.IkeIntegrity + "'`r`n") | Out-Null; $tunnelConfigAdded = $true } - if ($deviceLink.TunnelConfiguration.DhGroup) { $StringContent.Append(" DHGroup = '" + $deviceLink.TunnelConfiguration.DhGroup + "'`r`n") | Out-Null; $tunnelConfigAdded = $true } - if ($deviceLink.TunnelConfiguration.PfsGroup) { $StringContent.Append(" PFSGroup = '" + $deviceLink.TunnelConfiguration.PfsGroup + "'`r`n") | Out-Null; $tunnelConfigAdded = $true } - if ($deviceLink.TunnelConfiguration.ODataType) { $StringContent.Append(" ODataType = '" + $deviceLink.TunnelConfiguration.ODataType + "'`r`n") | Out-Null; $tunnelConfigAdded = $true } - if ($tunnelConfigAdded) { $StringContent.Append(" }`r`n") | Out-Null } + if ($deviceLink.TunnelConfiguration.PreSharedKey) + { + $StringContent.Append(" PreSharedKey = '" + $deviceLink.TunnelConfiguration.PreSharedKey + "'`r`n") | Out-Null; $tunnelConfigAdded = $true + } + if ($deviceLink.TunnelConfiguration.ZoneRedundancyPreSharedKey) + { + $StringContent.Append(" ZoneRedundancyPreSharedKey = '" + $deviceLink.TunnelConfiguration.ZoneRedundancyPreSharedKey + "'`r`n") | Out-Null; $tunnelConfigAdded = $true + } + if ($deviceLink.TunnelConfiguration.SaLifeTimeSeconds) + { + $StringContent.Append(' SaLifeTimeSeconds = ' + $deviceLink.TunnelConfiguration.SaLifeTimeSeconds + "`r`n") | Out-Null; $tunnelConfigAdded = $true + } + if ($deviceLink.TunnelConfiguration.IpSecEncryption) + { + $StringContent.Append(" IPSecEncryption = '" + $deviceLink.TunnelConfiguration.IpSecEncryption + "'`r`n") | Out-Null; $tunnelConfigAdded = $true + } + if ($deviceLink.TunnelConfiguration.IpSecIntegrity) + { + $StringContent.Append(" IPSecIntegrity = '" + $deviceLink.TunnelConfiguration.IpSecIntegrity + "'`r`n") | Out-Null; $tunnelConfigAdded = $true + } + if ($deviceLink.TunnelConfiguration.IkeEncryption) + { + $StringContent.Append(" IKEEncryption = '" + $deviceLink.TunnelConfiguration.IkeEncryption + "'`r`n") | Out-Null; $tunnelConfigAdded = $true + } + if ($deviceLink.TunnelConfiguration.IkeIntegrity) + { + $StringContent.Append(" IKEIntegrity = '" + $deviceLink.TunnelConfiguration.IkeIntegrity + "'`r`n") | Out-Null; $tunnelConfigAdded = $true + } + if ($deviceLink.TunnelConfiguration.DhGroup) + { + $StringContent.Append(" DHGroup = '" + $deviceLink.TunnelConfiguration.DhGroup + "'`r`n") | Out-Null; $tunnelConfigAdded = $true + } + if ($deviceLink.TunnelConfiguration.PfsGroup) + { + $StringContent.Append(" PFSGroup = '" + $deviceLink.TunnelConfiguration.PfsGroup + "'`r`n") | Out-Null; $tunnelConfigAdded = $true + } + if ($deviceLink.TunnelConfiguration.ODataType) + { + $StringContent.Append(" ODataType = '" + $deviceLink.TunnelConfiguration.ODataType + "'`r`n") | Out-Null; $tunnelConfigAdded = $true + } + if ($tunnelConfigAdded) + { + $StringContent.Append(" }`r`n") | Out-Null + } } $StringContent.Append(" }`r`n") | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1 index 609c174b67..5704447962 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1 @@ -30,7 +30,7 @@ function Get-TargetResource $AppScopeId, [Parameter()] - [ValidateSet("adminAssign", "adminUpdate", "adminRemove", "selfActivate", "selfDeactivate", "adminExtend", "adminRenew", "selfExtend", "selfRenew", "unknownFutureValue")] + [ValidateSet('adminAssign', 'adminUpdate', 'adminRemove', 'selfActivate', 'selfDeactivate', 'adminExtend', 'adminRenew', 'selfExtend', 'selfRenew', 'unknownFutureValue')] [System.String] $Action, @@ -107,7 +107,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $request = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $request = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } else { @@ -117,7 +117,7 @@ function Get-TargetResource } } - Write-Verbose -Message "Getting Role Eligibility by PrincipalId and RoleDefinitionId" + Write-Verbose -Message 'Getting Role Eligibility by PrincipalId and RoleDefinitionId' $PrincipalValue = $null if ($PrincipalType -eq 'User') { @@ -138,7 +138,7 @@ function Get-TargetResource $PrincipalValue = $PrincipalInstance.DisplayName } - Write-Verbose -Message "Found Principal" + Write-Verbose -Message 'Found Principal' $RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id Write-Verbose -Message "Retrieved role definition {$RoleDefinition} with ID {$RoleDefinitionId}" @@ -155,7 +155,7 @@ function Get-TargetResource } $schedules = Get-MgBetaRoleManagementDirectoryRoleAssignmentSchedule -Filter "PrincipalId eq '$($request.PrincipalId)'" - $schedule = $schedules | Where-Object -FilterScript {$_.RoleDefinitionId -eq $RoleDefinitionId} + $schedule = $schedules | Where-Object -FilterScript { $_.RoleDefinitionId -eq $RoleDefinitionId } if ($null -eq $schedule) { foreach ($instance in $schedules) @@ -187,12 +187,12 @@ function Get-TargetResource if ($null -ne $schedule.ScheduleInfo.Expiration) { $expirationValue = @{ - duration = $schedule.ScheduleInfo.Expiration.Duration - type = $schedule.ScheduleInfo.Expiration.Type + duration = $schedule.ScheduleInfo.Expiration.Duration + type = $schedule.ScheduleInfo.Expiration.Type } if ($null -ne $schedule.ScheduleInfo.Expiration.EndDateTime) { - $expirationValue.Add('endDateTime', $schedule.ScheduleInfo.Expiration.EndDateTime.ToString("yyyy-MM-ddThh:mm:ssZ")) + $expirationValue.Add('endDateTime', $schedule.ScheduleInfo.Expiration.EndDateTime.ToString('yyyy-MM-ddThh:mm:ssZ')) } $ScheduleInfoValue.Add('expiration', $expirationValue) } @@ -220,7 +220,7 @@ function Get-TargetResource } if ($null -ne $schedule.ScheduleInfo.StartDateTime) { - $ScheduleInfoValue.Add('StartDateTime', $schedule.ScheduleInfo.StartDateTime.ToString("yyyy-MM-ddThh:mm:ssZ")) + $ScheduleInfoValue.Add('StartDateTime', $schedule.ScheduleInfo.StartDateTime.ToString('yyyy-MM-ddThh:mm:ssZ')) } $ticketInfoValue = $null @@ -299,7 +299,7 @@ function Set-TargetResource $AppScopeId, [Parameter()] - [ValidateSet("adminAssign", "adminUpdate", "adminRemove", "selfActivate", "selfDeactivate", "adminExtend", "adminRenew", "selfExtend", "selfRenew", "unknownFutureValue")] + [ValidateSet('adminAssign', 'adminUpdate', 'adminRemove', 'selfActivate', 'selfDeactivate', 'adminExtend', 'adminRenew', 'selfExtend', 'selfRenew', 'unknownFutureValue')] [System.String] $Action, @@ -356,6 +356,7 @@ function Set-TargetResource { $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` + } catch { @@ -409,12 +410,12 @@ function Set-TargetResource { throw "Multiple Principal with ID {$PrincipalId} of type {$PrincipalType} were found. Cannot create schedule." } - $ParametersOps.Add("PrincipalId", $PrincipalIdValue[0]) - $ParametersOps.Remove("Principal") | Out-Null + $ParametersOps.Add('PrincipalId', $PrincipalIdValue[0]) + $ParametersOps.Remove('Principal') | Out-Null $RoleDefinitionIdValue = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id - $ParametersOps.Add("RoleDefinitionId", $RoleDefinitionIdValue) - $ParametersOps.Remove("RoleDefinition") | Out-Null + $ParametersOps.Add('RoleDefinitionId', $RoleDefinitionIdValue) + $ParametersOps.Remove('RoleDefinition') | Out-Null if ($null -ne $ScheduleInfo) { @@ -422,7 +423,7 @@ function Set-TargetResource if ($ScheduleInfo.StartDateTime) { - $ScheduleInfoValue.Add("startDateTime", $ScheduleInfo.StartDateTime) + $ScheduleInfoValue.Add('startDateTime', $ScheduleInfo.StartDateTime) } if ($ScheduleInfo.Expiration) @@ -435,7 +436,7 @@ function Set-TargetResource { $expirationValue.Add('duration', $ScheduleInfo.Expiration.duration) } - $ScheduleInfoValue.Add("Expiration", $expirationValue) + $ScheduleInfoValue.Add('Expiration', $expirationValue) } if ($ScheduleInfo.Recurrence) @@ -455,7 +456,7 @@ function Set-TargetResource month = $ScheduleInfo.Recurrence.Pattern.month type = $ScheduleInfo.Recurrence.Pattern.type } - $recurrenceValue.Add("Pattern", $patternValue) + $recurrenceValue.Add('Pattern', $patternValue) } if ($ScheduleInfo.Recurrence.Range) { @@ -467,35 +468,35 @@ function Set-TargetResource startDate = $ScheduleInfo.Recurrence.Range.startDate type = $ScheduleInfo.Recurrence.Range.type } - $recurrenceValue.Add("Range", $rangeValue) + $recurrenceValue.Add('Range', $rangeValue) } if ($Found) { - $ScheduleInfoValue.Add("Recurrence", $recurrenceValue) + $ScheduleInfoValue.Add('Recurrence', $recurrenceValue) } } Write-Verbose -Message "ScheduleInfo: $(Convert-M365DscHashtableToString -Hashtable $ScheduleInfoValue)" $ParametersOps.ScheduleInfo = $ScheduleInfoValue } - $ParametersOps.Remove("PrincipalType") | Out-Null + $ParametersOps.Remove('PrincipalType') | Out-Null if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating a Role Assignment Schedule Request for principal {$Principal} and role {$RoleDefinition}" - $ParametersOps.Remove("Id") | Out-Null + $ParametersOps.Remove('Id') | Out-Null Write-Verbose -Message "Values: $(Convert-M365DscHashtableToString -Hashtable $ParametersOps)" New-MgBetaRoleManagementDirectoryRoleAssignmentScheduleRequest @ParametersOps } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Role Assignment Schedule Request for principal {$Principal} and role {$RoleDefinition}" - $ParametersOps.Remove("Id") | Out-Null + $ParametersOps.Remove('Id') | Out-Null $ParametersOps.Action = 'AdminUpdate' New-MgBetaRoleManagementDirectoryRoleAssignmentScheduleRequest @ParametersOps } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing the Role Assignment Schedule Request for principal {$Principal} and role {$RoleDefinition}" - $ParametersOps.Remove("Id") | Out-Null + $ParametersOps.Remove('Id') | Out-Null $ParametersOps.Action = 'AdminRemove' New-MgBetaRoleManagementDirectoryRoleAssignmentScheduleRequest @ParametersOps } @@ -533,7 +534,7 @@ function Test-TargetResource $AppScopeId, [Parameter()] - [ValidateSet("adminAssign", "adminUpdate", "adminRemove", "selfActivate", "selfDeactivate", "adminExtend", "adminRenew", "selfExtend", "selfRenew", "unknownFutureValue")] + [ValidateSet('adminAssign', 'adminUpdate', 'adminRemove', 'selfActivate', 'selfDeactivate', 'adminExtend', 'adminRenew', 'selfExtend', 'selfRenew', 'unknownFutureValue')] [System.String] $Action, @@ -603,15 +604,15 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - $ValuesToCheck.Remove("Action") | Out-Null - if($null -ne $CurrentValues.ScheduleInfo -and $null -ne $ValuesToCheck.ScheduleInfo) + $ValuesToCheck.Remove('Action') | Out-Null + if ($null -ne $CurrentValues.ScheduleInfo -and $null -ne $ValuesToCheck.ScheduleInfo) { # Compare ScheduleInfo.Expiration if ($CurrentValues.ScheduleInfo.Expiration.duration -ne $ValuesToCheck.ScheduleInfo.Expiration.duration -or ` - $CurrentValues.ScheduleInfo.Expiration.endDateTime -ne $ValuesToCheck.ScheduleInfo.Expiration.endDateTime -or ` - $CurrentValues.ScheduleInfo.Expiration.type -ne $ValuesToCheck.ScheduleInfo.Expiration.type) + $CurrentValues.ScheduleInfo.Expiration.endDateTime -ne $ValuesToCheck.ScheduleInfo.Expiration.endDateTime -or ` + $CurrentValues.ScheduleInfo.Expiration.type -ne $ValuesToCheck.ScheduleInfo.Expiration.type) { - Write-Verbose -Message "Discrepancy found in ScheduleInfo.Expiration" + Write-Verbose -Message 'Discrepancy found in ScheduleInfo.Expiration' Write-Verbose -Message "Current: $($CurrentValues.ScheduleInfo.Expiration | Out-String)" Write-Verbose -Message "Desired: $($ValuesToCheck.ScheduleInfo.Expiration | Out-String)" return $false @@ -619,14 +620,14 @@ function Test-TargetResource # Compare ScheduleInfo.Recurrence.Pattern if ($CurrentValues.ScheduleInfo.Recurrence.Pattern.dayOfMonth -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.dayOfMonth -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.daysOfWeek -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.daysOfWeek -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.index -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.index -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.interval -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.interval -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.month -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.month -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.type -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.type) + $CurrentValues.ScheduleInfo.Recurrence.Pattern.daysOfWeek -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.daysOfWeek -or ` + $CurrentValues.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or ` + $CurrentValues.ScheduleInfo.Recurrence.Pattern.index -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.index -or ` + $CurrentValues.ScheduleInfo.Recurrence.Pattern.interval -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.interval -or ` + $CurrentValues.ScheduleInfo.Recurrence.Pattern.month -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.month -or ` + $CurrentValues.ScheduleInfo.Recurrence.Pattern.type -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.type) { - Write-Verbose -Message "Discrepancy found in ScheduleInfo.Recurrence.Pattern" + Write-Verbose -Message 'Discrepancy found in ScheduleInfo.Recurrence.Pattern' Write-Verbose -Message "Current: $($CurrentValues.ScheduleInfo.Recurrence.Pattern | Out-String)" Write-Verbose -Message "Desired: $($ValuesToCheck.ScheduleInfo.Recurrence.Pattern | Out-String)" return $false @@ -634,12 +635,12 @@ function Test-TargetResource # Compare ScheduleInfo.Recurrence.Range if ($CurrentValues.ScheduleInfo.Recurrence.Range.endDate -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.endDate -or ` - $CurrentValues.ScheduleInfo.Recurrence.Range.numberOfOccurrences -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.numberOfOccurrences -or ` - $CurrentValues.ScheduleInfo.Recurrence.Range.recurrenceTimeZone -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or ` - $CurrentValues.ScheduleInfo.Recurrence.Range.startDate -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.startDate -or ` - $CurrentValues.ScheduleInfo.Recurrence.Range.type -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.type) + $CurrentValues.ScheduleInfo.Recurrence.Range.numberOfOccurrences -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.numberOfOccurrences -or ` + $CurrentValues.ScheduleInfo.Recurrence.Range.recurrenceTimeZone -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or ` + $CurrentValues.ScheduleInfo.Recurrence.Range.startDate -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.startDate -or ` + $CurrentValues.ScheduleInfo.Recurrence.Range.type -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.type) { - Write-Verbose -Message "Discrepancy found in ScheduleInfo.Recurrence.Range" + Write-Verbose -Message 'Discrepancy found in ScheduleInfo.Recurrence.Range' Write-Verbose -Message "Current: $($CurrentValues.ScheduleInfo.Recurrence.Range | Out-String)" Write-Verbose -Message "Desired: $($ValuesToCheck.ScheduleInfo.Recurrence.Range | Out-String)" return $false @@ -649,7 +650,7 @@ function Test-TargetResource Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - $ValuesToCheck.Remove("ScheduleInfo") | Out-Null + $ValuesToCheck.Remove('ScheduleInfo') | Out-Null $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -717,10 +718,10 @@ function Export-TargetResource $schedules = Get-MgBetaRoleManagementDirectoryRoleAssignmentSchedule -All -ErrorAction Stop [array] $Script:exportedInstances = @() [array] $allRequests = Get-MgBetaRoleManagementDirectoryRoleAssignmentScheduleRequest -All ` - -Filter "Status ne 'Revoked'" -ErrorAction Stop + -Filter "Status ne 'Revoked'" -ErrorAction Stop foreach ($schedule in $schedules) { - [array] $Script:exportedInstances += $allRequests | Where-Object -FilterScript {$_.TargetScheduleId -eq $schedule.Id} + [array] $Script:exportedInstances += $allRequests | Where-Object -FilterScript { $_.TargetScheduleId -eq $schedule.Id } } #endregion @@ -830,8 +831,8 @@ function Export-TargetResource } catch { - if ($_.ErrorDetails.Message -like "*The tenant needs an AAD Premium*" -or ` - $_.ErrorDetails.MEssage -like "*[AadPremiumLicenseRequired]*") + if ($_.ErrorDetails.Message -like '*The tenant needs an AAD Premium*' -or ` + $_.ErrorDetails.MEssage -like '*[AadPremiumLicenseRequired]*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) Tenant does not meet license requirement to extract this component." } @@ -862,7 +863,7 @@ function Get-M365DSCAzureADEligibilityRequestTicketInfoAsString if ($TicketInfo.TicketNumber -or $TicketInfo.TicketSystem) { - $StringContent = "MSFT_AADRoleAssignmentScheduleRequestTicketInfo {`r`n" + $StringContent = "MSFT_AADRoleAssignmentScheduleRequestTicketInfo {`r`n" $StringContent += " ticketNumber = '$($TicketInfo.TicketNumber)'`r`n" $StringContent += " ticketSystem = '$($TicketInfo.TicketSystem)'`r`n" $StringContent += " }`r`n" @@ -885,7 +886,7 @@ function Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString ) $Found = $false - $StringContent = "MSFT_AADRoleAssignmentScheduleRequestSchedule {`r`n" + $StringContent = "MSFT_AADRoleAssignmentScheduleRequestSchedule {`r`n" if ($ScheduleInfo.StartDateTime) { $StringContent += " startDateTime = '$($ScheduleInfo.StartDateTime)'`r`n" @@ -903,26 +904,26 @@ function Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString { $StringContent += " endDateTime = '$($ScheduleInfo.Expiration.EndDateTime.ToString())'`r`n" } - if($ScheduleInfo.Expiration.Type) + if ($ScheduleInfo.Expiration.Type) { $StringContent += " type = '$($ScheduleInfo.Expiration.Type)'`r`n" } $StringContent += " }`r`n" } - if($ScheduleInfo.Recurrence.Pattern.DayOfMonth -or $ScheduleInfo.Recurrence.Pattern.DaysOfWeek -or ` - $ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or $ScheduleInfo.Recurrence.Pattern.Index -or ` - $ScheduleInfo.Recurrence.Pattern.Interval -or $ScheduleInfo.Recurrence.Pattern.Month -or ` - $ScheduleInfo.Recurrence.Pattern.Type -or $ScheduleInfo.Recurrence.Range.EndDate -or $ScheduleInfo.Recurrence.Range.numberOfOccurrences -or ` - $ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or $ScheduleInfo.Recurrence.Range.startDate -or ` - $ScheduleInfo.Recurrence.Range.type) + if ($ScheduleInfo.Recurrence.Pattern.DayOfMonth -or $ScheduleInfo.Recurrence.Pattern.DaysOfWeek -or ` + $ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or $ScheduleInfo.Recurrence.Pattern.Index -or ` + $ScheduleInfo.Recurrence.Pattern.Interval -or $ScheduleInfo.Recurrence.Pattern.Month -or ` + $ScheduleInfo.Recurrence.Pattern.Type -or $ScheduleInfo.Recurrence.Range.EndDate -or $ScheduleInfo.Recurrence.Range.numberOfOccurrences -or ` + $ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or $ScheduleInfo.Recurrence.Range.startDate -or ` + $ScheduleInfo.Recurrence.Range.type) { $StringContent += " recurrence = MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrence`r`n" $StringContent += " {`r`n" if ($ScheduleInfo.Recurrence.Pattern.DayOfMonth -or $ScheduleInfo.Recurrence.Pattern.DaysOfWeek -or ` - $ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or $ScheduleInfo.Recurrence.Pattern.Index -or ` - $ScheduleInfo.Recurrence.Pattern.Interval -or $ScheduleInfo.Recurrence.Pattern.Month -or ` - $ScheduleInfo.Recurrence.Pattern.Type) + $ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or $ScheduleInfo.Recurrence.Pattern.Index -or ` + $ScheduleInfo.Recurrence.Pattern.Interval -or $ScheduleInfo.Recurrence.Pattern.Month -or ` + $ScheduleInfo.Recurrence.Pattern.Type) { $Found = $true $StringContent += " pattern = MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrencePattern`r`n" @@ -958,8 +959,8 @@ function Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString $StringContent += " }`r`n" } if ($ScheduleInfo.Recurrence.Range.EndDate -or $ScheduleInfo.Recurrence.Range.numberOfOccurrences -or ` - $ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or $ScheduleInfo.Recurrence.Range.startDate -or ` - $ScheduleInfo.Recurrence.Range.type) + $ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or $ScheduleInfo.Recurrence.Range.startDate -or ` + $ScheduleInfo.Recurrence.Range.type) { $Found = $true $StringContent += " range = MSFT_AADRoleAssignmentScheduleRequestScheduleRange`r`n" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/MSFT_AADRoleDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/MSFT_AADRoleDefinition.psm1 index c4ba83eb52..772a68b2ca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/MSFT_AADRoleDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/MSFT_AADRoleDefinition.psm1 @@ -96,7 +96,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $AADRoleDefinition = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $AADRoleDefinition = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } else { @@ -112,7 +112,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $AADRoleDefinition = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $AADRoleDefinition = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 index 6ebb336f0d..511422e668 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 @@ -30,7 +30,7 @@ $AppScopeId, [Parameter()] - [ValidateSet("adminAssign", "adminUpdate", "adminRemove", "selfActivate", "selfDeactivate", "adminExtend", "adminRenew", "selfExtend", "selfRenew", "unknownFutureValue")] + [ValidateSet('adminAssign', 'adminUpdate', 'adminRemove', 'selfActivate', 'selfDeactivate', 'adminExtend', 'adminRenew', 'selfExtend', 'selfRenew', 'unknownFutureValue')] [System.String] $Action, @@ -107,7 +107,7 @@ { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $request = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $request = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } else { @@ -117,7 +117,7 @@ } } - Write-Verbose -Message "Getting Role Eligibility by PrincipalId and RoleDefinitionId" + Write-Verbose -Message 'Getting Role Eligibility by PrincipalId and RoleDefinitionId' $PrincipalValue = $null if ($PrincipalType -eq 'User') { @@ -138,7 +138,7 @@ $PrincipalValue = $PrincipalInstance.DisplayName } - Write-Verbose -Message "Found Principal" + Write-Verbose -Message 'Found Principal' $RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id Write-Verbose -Message "Retrieved role definition {$RoleDefinition} with ID {$RoleDefinitionId}" @@ -155,7 +155,7 @@ } $schedules = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq '$($request.PrincipalId)'" - $schedule = $schedules | Where-Object -FilterScript {$_.RoleDefinitionId -eq $RoleDefinitionId} + $schedule = $schedules | Where-Object -FilterScript { $_.RoleDefinitionId -eq $RoleDefinitionId } if ($null -eq $schedule) { foreach ($instance in $schedules) @@ -187,12 +187,12 @@ if ($null -ne $schedule.ScheduleInfo.Expiration) { $expirationValue = @{ - duration = $schedule.ScheduleInfo.Expiration.Duration - type = $schedule.ScheduleInfo.Expiration.Type + duration = $schedule.ScheduleInfo.Expiration.Duration + type = $schedule.ScheduleInfo.Expiration.Type } if ($null -ne $schedule.ScheduleInfo.Expiration.EndDateTime) { - $expirationValue.Add('endDateTime', $schedule.ScheduleInfo.Expiration.EndDateTime.ToString("yyyy-MM-ddThh:mm:ssZ")) + $expirationValue.Add('endDateTime', $schedule.ScheduleInfo.Expiration.EndDateTime.ToString('yyyy-MM-ddThh:mm:ssZ')) } $ScheduleInfoValue.Add('expiration', $expirationValue) } @@ -220,7 +220,7 @@ } if ($null -ne $schedule.ScheduleInfo.StartDateTime) { - $ScheduleInfoValue.Add('StartDateTime', $schedule.ScheduleInfo.StartDateTime.ToString("yyyy-MM-ddThh:mm:ssZ")) + $ScheduleInfoValue.Add('StartDateTime', $schedule.ScheduleInfo.StartDateTime.ToString('yyyy-MM-ddThh:mm:ssZ')) } $ticketInfoValue = $null @@ -299,7 +299,7 @@ function Set-TargetResource $AppScopeId, [Parameter()] - [ValidateSet("adminAssign", "adminUpdate", "adminRemove", "selfActivate", "selfDeactivate", "adminExtend", "adminRenew", "selfExtend", "selfRenew", "unknownFutureValue")] + [ValidateSet('adminAssign', 'adminUpdate', 'adminRemove', 'selfActivate', 'selfDeactivate', 'adminExtend', 'adminRenew', 'selfExtend', 'selfRenew', 'unknownFutureValue')] [System.String] $Action, @@ -356,6 +356,7 @@ function Set-TargetResource { $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` + } catch { @@ -409,12 +410,12 @@ function Set-TargetResource { throw "Multiple Principal with ID {$PrincipalId} of type {$PrincipalType} were found. Cannot create schedule." } - $ParametersOps.Add("PrincipalId", $PrincipalIdValue[0]) - $ParametersOps.Remove("Principal") | Out-Null + $ParametersOps.Add('PrincipalId', $PrincipalIdValue[0]) + $ParametersOps.Remove('Principal') | Out-Null $RoleDefinitionIdValue = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id - $ParametersOps.Add("RoleDefinitionId", $RoleDefinitionIdValue) - $ParametersOps.Remove("RoleDefinition") | Out-Null + $ParametersOps.Add('RoleDefinitionId', $RoleDefinitionIdValue) + $ParametersOps.Remove('RoleDefinition') | Out-Null if ($null -ne $ScheduleInfo) { @@ -422,7 +423,7 @@ function Set-TargetResource if ($ScheduleInfo.StartDateTime) { - $ScheduleInfoValue.Add("startDateTime", $ScheduleInfo.StartDateTime) + $ScheduleInfoValue.Add('startDateTime', $ScheduleInfo.StartDateTime) } if ($ScheduleInfo.Expiration) @@ -435,7 +436,7 @@ function Set-TargetResource { $expirationValue.Add('duration', $ScheduleInfo.Expiration.duration) } - $ScheduleInfoValue.Add("Expiration", $expirationValue) + $ScheduleInfoValue.Add('Expiration', $expirationValue) } if ($ScheduleInfo.Recurrence) @@ -455,7 +456,7 @@ function Set-TargetResource month = $ScheduleInfo.Recurrence.Pattern.month type = $ScheduleInfo.Recurrence.Pattern.type } - $recurrenceValue.Add("Pattern", $patternValue) + $recurrenceValue.Add('Pattern', $patternValue) } if ($ScheduleInfo.Recurrence.Range) { @@ -467,35 +468,35 @@ function Set-TargetResource startDate = $ScheduleInfo.Recurrence.Range.startDate type = $ScheduleInfo.Recurrence.Range.type } - $recurrenceValue.Add("Range", $rangeValue) + $recurrenceValue.Add('Range', $rangeValue) } if ($Found) { - $ScheduleInfoValue.Add("Recurrence", $recurrenceValue) + $ScheduleInfoValue.Add('Recurrence', $recurrenceValue) } } Write-Verbose -Message "ScheduleInfo: $(Convert-M365DscHashtableToString -Hashtable $ScheduleInfoValue)" $ParametersOps.ScheduleInfo = $ScheduleInfoValue } - $ParametersOps.Remove("PrincipalType") | Out-Null + $ParametersOps.Remove('PrincipalType') | Out-Null if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating a Role Assignment Schedule Request for principal {$Principal} and role {$RoleDefinition}" - $ParametersOps.Remove("Id") | Out-Null + $ParametersOps.Remove('Id') | Out-Null Write-Verbose -Message "Values: $(Convert-M365DscHashtableToString -Hashtable $ParametersOps)" New-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest @ParametersOps } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Role Assignment Schedule Request for principal {$Principal} and role {$RoleDefinition}" - $ParametersOps.Remove("Id") | Out-Null + $ParametersOps.Remove('Id') | Out-Null $ParametersOps.Action = 'AdminUpdate' New-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest @ParametersOps } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing the Role Assignment Schedule Request for principal {$Principal} and role {$RoleDefinition}" - $ParametersOps.Remove("Id") | Out-Null + $ParametersOps.Remove('Id') | Out-Null $ParametersOps.Action = 'AdminRemove' New-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest @ParametersOps } @@ -533,7 +534,7 @@ function Test-TargetResource $AppScopeId, [Parameter()] - [ValidateSet("adminAssign", "adminUpdate", "adminRemove", "selfActivate", "selfDeactivate", "adminExtend", "adminRenew", "selfExtend", "selfRenew", "unknownFutureValue")] + [ValidateSet('adminAssign', 'adminUpdate', 'adminRemove', 'selfActivate', 'selfDeactivate', 'adminExtend', 'adminRenew', 'selfExtend', 'selfRenew', 'unknownFutureValue')] [System.String] $Action, @@ -603,15 +604,15 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - $ValuesToCheck.Remove("Action") | Out-Null - if($null -ne $CurrentValues.ScheduleInfo -and $null -ne $ValuesToCheck.ScheduleInfo) + $ValuesToCheck.Remove('Action') | Out-Null + if ($null -ne $CurrentValues.ScheduleInfo -and $null -ne $ValuesToCheck.ScheduleInfo) { # Compare ScheduleInfo.Expiration if ($CurrentValues.ScheduleInfo.Expiration.duration -ne $ValuesToCheck.ScheduleInfo.Expiration.duration -or ` - $CurrentValues.ScheduleInfo.Expiration.endDateTime -ne $ValuesToCheck.ScheduleInfo.Expiration.endDateTime -or ` - $CurrentValues.ScheduleInfo.Expiration.type -ne $ValuesToCheck.ScheduleInfo.Expiration.type) + $CurrentValues.ScheduleInfo.Expiration.endDateTime -ne $ValuesToCheck.ScheduleInfo.Expiration.endDateTime -or ` + $CurrentValues.ScheduleInfo.Expiration.type -ne $ValuesToCheck.ScheduleInfo.Expiration.type) { - Write-Verbose -Message "Discrepancy found in ScheduleInfo.Expiration" + Write-Verbose -Message 'Discrepancy found in ScheduleInfo.Expiration' Write-Verbose -Message "Current: $($CurrentValues.ScheduleInfo.Expiration | Out-String)" Write-Verbose -Message "Desired: $($ValuesToCheck.ScheduleInfo.Expiration | Out-String)" return $false @@ -619,14 +620,14 @@ function Test-TargetResource # Compare ScheduleInfo.Recurrence.Pattern if ($CurrentValues.ScheduleInfo.Recurrence.Pattern.dayOfMonth -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.dayOfMonth -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.daysOfWeek -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.daysOfWeek -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.index -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.index -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.interval -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.interval -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.month -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.month -or ` - $CurrentValues.ScheduleInfo.Recurrence.Pattern.type -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.type) + $CurrentValues.ScheduleInfo.Recurrence.Pattern.daysOfWeek -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.daysOfWeek -or ` + $CurrentValues.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or ` + $CurrentValues.ScheduleInfo.Recurrence.Pattern.index -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.index -or ` + $CurrentValues.ScheduleInfo.Recurrence.Pattern.interval -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.interval -or ` + $CurrentValues.ScheduleInfo.Recurrence.Pattern.month -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.month -or ` + $CurrentValues.ScheduleInfo.Recurrence.Pattern.type -ne $ValuesToCheck.ScheduleInfo.Recurrence.Pattern.type) { - Write-Verbose -Message "Discrepancy found in ScheduleInfo.Recurrence.Pattern" + Write-Verbose -Message 'Discrepancy found in ScheduleInfo.Recurrence.Pattern' Write-Verbose -Message "Current: $($CurrentValues.ScheduleInfo.Recurrence.Pattern | Out-String)" Write-Verbose -Message "Desired: $($ValuesToCheck.ScheduleInfo.Recurrence.Pattern | Out-String)" return $false @@ -634,12 +635,12 @@ function Test-TargetResource # Compare ScheduleInfo.Recurrence.Range if ($CurrentValues.ScheduleInfo.Recurrence.Range.endDate -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.endDate -or ` - $CurrentValues.ScheduleInfo.Recurrence.Range.numberOfOccurrences -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.numberOfOccurrences -or ` - $CurrentValues.ScheduleInfo.Recurrence.Range.recurrenceTimeZone -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or ` - $CurrentValues.ScheduleInfo.Recurrence.Range.startDate -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.startDate -or ` - $CurrentValues.ScheduleInfo.Recurrence.Range.type -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.type) + $CurrentValues.ScheduleInfo.Recurrence.Range.numberOfOccurrences -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.numberOfOccurrences -or ` + $CurrentValues.ScheduleInfo.Recurrence.Range.recurrenceTimeZone -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or ` + $CurrentValues.ScheduleInfo.Recurrence.Range.startDate -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.startDate -or ` + $CurrentValues.ScheduleInfo.Recurrence.Range.type -ne $ValuesToCheck.ScheduleInfo.Recurrence.Range.type) { - Write-Verbose -Message "Discrepancy found in ScheduleInfo.Recurrence.Range" + Write-Verbose -Message 'Discrepancy found in ScheduleInfo.Recurrence.Range' Write-Verbose -Message "Current: $($CurrentValues.ScheduleInfo.Recurrence.Range | Out-String)" Write-Verbose -Message "Desired: $($ValuesToCheck.ScheduleInfo.Recurrence.Range | Out-String)" return $false @@ -649,7 +650,7 @@ function Test-TargetResource Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - $ValuesToCheck.Remove("ScheduleInfo") | Out-Null + $ValuesToCheck.Remove('ScheduleInfo') | Out-Null $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -717,10 +718,10 @@ function Export-TargetResource $schedules = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -All -ErrorAction Stop [array] $Script:exportedInstances = @() [array] $allRequests = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -All ` - -Filter "Status ne 'Revoked'" -ErrorAction Stop + -Filter "Status ne 'Revoked'" -ErrorAction Stop foreach ($schedule in $schedules) { - [array] $Script:exportedInstances += $allRequests | Where-Object -FilterScript {$_.TargetScheduleId -eq $schedule.Id} + [array] $Script:exportedInstances += $allRequests | Where-Object -FilterScript { $_.TargetScheduleId -eq $schedule.Id } } #endregion @@ -830,8 +831,8 @@ function Export-TargetResource } catch { - if ($_.ErrorDetails.Message -like "*The tenant needs an AAD Premium*" -or ` - $_.ErrorDetails.MEssage -like "*[AadPremiumLicenseRequired]*") + if ($_.ErrorDetails.Message -like '*The tenant needs an AAD Premium*' -or ` + $_.ErrorDetails.MEssage -like '*[AadPremiumLicenseRequired]*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) Tenant does not meet license requirement to extract this component." } @@ -862,7 +863,7 @@ function Get-M365DSCAzureADEligibilityRequestTicketInfoAsString if ($TicketInfo.TicketNumber -or $TicketInfo.TicketSystem) { - $StringContent = "MSFT_AADRoleEligibilityScheduleRequestTicketInfo {`r`n" + $StringContent = "MSFT_AADRoleEligibilityScheduleRequestTicketInfo {`r`n" $StringContent += " ticketNumber = '$($TicketInfo.TicketNumber)'`r`n" $StringContent += " ticketSystem = '$($TicketInfo.TicketSystem)'`r`n" $StringContent += " }`r`n" @@ -885,7 +886,7 @@ function Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString ) $Found = $false - $StringContent = "MSFT_AADRoleEligibilityScheduleRequestSchedule {`r`n" + $StringContent = "MSFT_AADRoleEligibilityScheduleRequestSchedule {`r`n" if ($ScheduleInfo.StartDateTime) { $StringContent += " startDateTime = '$($ScheduleInfo.StartDateTime)'`r`n" @@ -903,26 +904,26 @@ function Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString { $StringContent += " endDateTime = '$($ScheduleInfo.Expiration.EndDateTime.ToString())'`r`n" } - if($ScheduleInfo.Expiration.Type) + if ($ScheduleInfo.Expiration.Type) { $StringContent += " type = '$($ScheduleInfo.Expiration.Type)'`r`n" } $StringContent += " }`r`n" } - if($ScheduleInfo.Recurrence.Pattern.DayOfMonth -or $ScheduleInfo.Recurrence.Pattern.DaysOfWeek -or ` - $ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or $ScheduleInfo.Recurrence.Pattern.Index -or ` - $ScheduleInfo.Recurrence.Pattern.Interval -or $ScheduleInfo.Recurrence.Pattern.Month -or ` - $ScheduleInfo.Recurrence.Pattern.Type -or $ScheduleInfo.Recurrence.Range.EndDate -or $ScheduleInfo.Recurrence.Range.numberOfOccurrences -or ` - $ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or $ScheduleInfo.Recurrence.Range.startDate -or ` - $ScheduleInfo.Recurrence.Range.type) + if ($ScheduleInfo.Recurrence.Pattern.DayOfMonth -or $ScheduleInfo.Recurrence.Pattern.DaysOfWeek -or ` + $ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or $ScheduleInfo.Recurrence.Pattern.Index -or ` + $ScheduleInfo.Recurrence.Pattern.Interval -or $ScheduleInfo.Recurrence.Pattern.Month -or ` + $ScheduleInfo.Recurrence.Pattern.Type -or $ScheduleInfo.Recurrence.Range.EndDate -or $ScheduleInfo.Recurrence.Range.numberOfOccurrences -or ` + $ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or $ScheduleInfo.Recurrence.Range.startDate -or ` + $ScheduleInfo.Recurrence.Range.type) { $StringContent += " recurrence = MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrence`r`n" $StringContent += " {`r`n" if ($ScheduleInfo.Recurrence.Pattern.DayOfMonth -or $ScheduleInfo.Recurrence.Pattern.DaysOfWeek -or ` - $ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or $ScheduleInfo.Recurrence.Pattern.Index -or ` - $ScheduleInfo.Recurrence.Pattern.Interval -or $ScheduleInfo.Recurrence.Pattern.Month -or ` - $ScheduleInfo.Recurrence.Pattern.Type) + $ScheduleInfo.Recurrence.Pattern.firstDayOfWeek -or $ScheduleInfo.Recurrence.Pattern.Index -or ` + $ScheduleInfo.Recurrence.Pattern.Interval -or $ScheduleInfo.Recurrence.Pattern.Month -or ` + $ScheduleInfo.Recurrence.Pattern.Type) { $Found = $true $StringContent += " pattern = MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrencePattern`r`n" @@ -958,8 +959,8 @@ function Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString $StringContent += " }`r`n" } if ($ScheduleInfo.Recurrence.Range.EndDate -or $ScheduleInfo.Recurrence.Range.numberOfOccurrences -or ` - $ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or $ScheduleInfo.Recurrence.Range.startDate -or ` - $ScheduleInfo.Recurrence.Range.type) + $ScheduleInfo.Recurrence.Range.recurrenceTimeZone -or $ScheduleInfo.Recurrence.Range.startDate -or ` + $ScheduleInfo.Recurrence.Range.type) { $Found = $true $StringContent += " range = MSFT_AADRoleEligibilityScheduleRequestScheduleRange`r`n" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/MSFT_AADRoleManagementPolicyRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/MSFT_AADRoleManagementPolicyRule.psm1 index 7273bdc894..38970a049e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/MSFT_AADRoleManagementPolicyRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/MSFT_AADRoleManagementPolicyRule.psm1 @@ -90,14 +90,14 @@ function Get-TargetResource $getValue = $null $role = Get-MgBetaRoleManagementDirectoryRoleDefinition -All -Filter "DisplayName eq '$($roleDisplayName)'" - if($null -eq $role) + if ($null -eq $role) { Write-Verbose -Message "Could not find an Azure AD Role Management Definition with DisplayName {$roleDisplayName}" return $nullResult } $assignment = Get-MgBetaPolicyRoleManagementPolicyAssignment -Filter "RoleDefinitionId eq '$($role.Id)' and scopeId eq '/' and scopeType eq 'DirectoryRole'" - if($null -eq $assignment) + if ($null -eq $assignment) { Write-Verbose -Message "Could not find an Azure AD Role Management Policy Assignment with RoleDefinitionId {$role.Id}" return $nullResult @@ -107,7 +107,7 @@ function Get-TargetResource $getValue = Get-MgBetaPolicyRoleManagementPolicyRule ` -UnifiedRoleManagementPolicyId $policyId ` - -UnifiedRoleManagementPolicyRuleId $id -ErrorAction SilentlyContinue + -UnifiedRoleManagementPolicyRuleId $id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -116,24 +116,24 @@ function Get-TargetResource } Write-Verbose -Message "An Azure AD Role Management Policy Rule with Id {$id} and PolicyId {$policyId} was found" - $rule = Get-M365DSCRoleManagementPolicyRuleObject -Rule $getValue + $rule = Get-M365DSCRoleManagementPolicyRuleObject -Rule $getValue $results = @{ - id = $id - policyId = $policyId - roleDisplayName = $roleDisplayName - ruleType = $rule.ruleType - expirationRule = $rule.expirationRule - notificationRule = $rule.notificationRule - enablementRule = $rule.enablementRule - approvalRule = $rule.approvalRule + id = $id + policyId = $policyId + roleDisplayName = $roleDisplayName + ruleType = $rule.ruleType + expirationRule = $rule.expirationRule + notificationRule = $rule.notificationRule + enablementRule = $rule.enablementRule + approvalRule = $rule.approvalRule authenticationContextRule = $rule.authenticationContextRule - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent } return [System.Collections.Hashtable] $results @@ -239,63 +239,63 @@ function Set-TargetResource Write-Verbose -Message "Updating the Azure AD Role Management Policy Rule with Id {$($currentInstance.Id)}" $body = @{ - '@odata.type' = $ruleType + '@odata.type' = $ruleType } - if($ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyExpirationRule') + if ($ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyExpirationRule') { $expirationRuleHashmap = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $expirationRule # add all the properties to the body - foreach($key in $expirationRuleHashmap.Keys) + foreach ($key in $expirationRuleHashmap.Keys) { $body.Add($key, $expirationRuleHashmap.$key) } } - if($ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyNotificationRule') + if ($ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyNotificationRule') { $notificationRuleHashmap = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $notificationRule # add all the properties to the body - foreach($key in $notificationRuleHashmap.Keys) + foreach ($key in $notificationRuleHashmap.Keys) { $body.Add($key, $notificationRuleHashmap.$key) } } - if($ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyEnablementRule') + if ($ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyEnablementRule') { $enablementRuleHashmap = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $enablementRule # add all the properties to the body - foreach($key in $enablementRuleHashmap.Keys) + foreach ($key in $enablementRuleHashmap.Keys) { $body.Add($key, $enablementRuleHashmap.$key) } } - if($ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyApprovalRule') + if ($ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyApprovalRule') { $approvalRuleHashmap = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $approvalRule # add all the properties to the body - foreach($key in $approvalRuleHashmap.Keys) + foreach ($key in $approvalRuleHashmap.Keys) { $body.Add($key, $approvalRuleHashmap.$key) } } - if($ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule') + if ($ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule') { $authenticationContextRuleHashmap = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $authenticationContextRule # add all the properties to the body - foreach($key in $authenticationContextRuleHashmap.Keys) + foreach ($key in $authenticationContextRuleHashmap.Keys) { $body.Add($key, $authenticationContextRuleHashmap.$key) } } Update-MgBetaPolicyRoleManagementPolicyRule ` - -UnifiedRoleManagementPolicyId $currentInstance.policyId ` - -UnifiedRoleManagementPolicyRuleId $currentInstance.Id ` - -BodyParameter $body + -UnifiedRoleManagementPolicyId $currentInstance.policyId ` + -UnifiedRoleManagementPolicyRuleId $currentInstance.Id ` + -BodyParameter $body #endregion } @@ -487,7 +487,7 @@ function Export-TargetResource Write-Host "`r`n" -NoNewline try { - [array] $roles = Get-MgBetaRoleManagementDirectoryRoleDefinition -All + [array] $roles = Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter $Filter -All $j = 1 foreach ($role in $roles) @@ -497,10 +497,14 @@ function Export-TargetResource $rules = Get-MgBetaPolicyRoleManagementPolicyRule ` -UnifiedRoleManagementPolicyId $policyId - Write-Host " |---[$j/$($roles.Count)] $($role.displayName)" + Write-Host " |---[$j/$($roles.Count)] $($role.displayName)" $i = 1 - foreach($rule in $rules) + foreach ($rule in $rules) { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } Write-Host " |---[$i/$($rules.Count)] $($role.displayName)_$($rule.id)" -NoNewline $Params = @{ roleDisplayName = $role.displayName @@ -517,21 +521,21 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results + -Results $Results if ($null -ne $Results.expirationRule) { $complexMapping = @( @{ - Name = 'expirationRule' + Name = 'expirationRule' CimInstanceName = 'AADRoleManagementPolicyExpirationRule' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.expirationRule` - -CIMInstanceName 'AADRoleManagementPolicyExpirationRule' ` - -ComplexTypeMapping $complexMapping + -ComplexObject $Results.expirationRule` + -CIMInstanceName 'AADRoleManagementPolicyExpirationRule' ` + -ComplexTypeMapping $complexMapping if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -547,15 +551,15 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'notificationRule' + Name = 'notificationRule' CimInstanceName = 'AADRoleManagementPolicyNotificationRule' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.notificationRule` - -CIMInstanceName 'AADRoleManagementPolicyNotificationRule' ` - -ComplexTypeMapping $complexMapping + -ComplexObject $Results.notificationRule` + -CIMInstanceName 'AADRoleManagementPolicyNotificationRule' ` + -ComplexTypeMapping $complexMapping if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -572,15 +576,15 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'enablementRule' + Name = 'enablementRule' CimInstanceName = 'AADRoleManagementPolicyEnablementRule' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.enablementRule` - -CIMInstanceName 'AADRoleManagementPolicyEnablementRule' ` - -ComplexTypeMapping $complexMapping + -ComplexObject $Results.enablementRule` + -CIMInstanceName 'AADRoleManagementPolicyEnablementRule' ` + -ComplexTypeMapping $complexMapping if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -596,15 +600,15 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'authenticationContextRule' + Name = 'authenticationContextRule' CimInstanceName = 'AADRoleManagementPolicyAuthenticationContextRule' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.authenticationContextRule` - -CIMInstanceName 'AADRoleManagementPolicyAuthenticationContextRule' ` - -ComplexTypeMapping $complexMapping + -ComplexObject $Results.authenticationContextRule` + -CIMInstanceName 'AADRoleManagementPolicyAuthenticationContextRule' ` + -ComplexTypeMapping $complexMapping if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -620,35 +624,35 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'approvalRule' + Name = 'approvalRule' CimInstanceName = 'AADRoleManagementPolicyApprovalRule' - IsRequired = $False + IsRequired = $False } @{ - Name = 'setting' + Name = 'setting' CimInstanceName = 'AADRoleManagementPolicyApprovalSettings' - IsRequired = $False + IsRequired = $False } @{ - Name = 'approvalStages' + Name = 'approvalStages' CimInstanceName = 'AADRoleManagementPolicyApprovalStage' - IsRequired = $False + IsRequired = $False } @{ - Name = 'escalationApprovers' + Name = 'escalationApprovers' CimInstanceName = 'AADRoleManagementPolicySubjectSet' - IsRequired = $False + IsRequired = $False } @{ - Name = 'primaryApprovers' + Name = 'primaryApprovers' CimInstanceName = 'AADRoleManagementPolicySubjectSet' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.approvalRule` - -CIMInstanceName 'AADRoleManagementPolicyApprovalRule' ` - -ComplexTypeMapping $complexMapping + -ComplexObject $Results.approvalRule` + -CIMInstanceName 'AADRoleManagementPolicyApprovalRule' ` + -ComplexTypeMapping $complexMapping if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -661,40 +665,40 @@ function Export-TargetResource } $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential if ($Results.expirationRule) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "expirationRule" -IsCIMArray:$false + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'expirationRule' -IsCIMArray:$false } if ($Results.notificationRule) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "notificationRule" -IsCIMArray:$false + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'notificationRule' -IsCIMArray:$false } if ($Results.enablementRule) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "enablementRule" -IsCIMArray:$false + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'enablementRule' -IsCIMArray:$false } if ($Results.approvalRule) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "approvalRule" -IsCIMArray:$false + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'approvalRule' -IsCIMArray:$false } if ($Results.authenticationContextRule) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "authenticationContextRule" -IsCIMArray:$false + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'authenticationContextRule' -IsCIMArray:$false } $dscContent.Append($currentDSCBlock) | Out-Null Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName + -FileName $Global:PartialExportFileName Write-Host $Global:M365DSCEmojiGreenCheckMark $i++ } @@ -731,34 +735,34 @@ function Get-M365DSCRoleManagementPolicyRuleObject return $null } - $odataType = "@odata.type" + $odataType = '@odata.type' $values = @{ - id = $Rule.id - ruleType = $Rule.AdditionalProperties.$odataType + id = $Rule.id + ruleType = $Rule.AdditionalProperties.$odataType } - if($values.ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyExpirationRule') + if ($values.ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyExpirationRule') { $expirationRule = @{ isExpirationRequired = $Rule.AdditionalProperties.isExpirationRequired - maximumDuration = $Rule.AdditionalProperties.maximumDuration + maximumDuration = $Rule.AdditionalProperties.maximumDuration } $values.Add('expirationRule', $expirationRule) } - if($values.ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyNotificationRule') + if ($values.ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyNotificationRule') { $notificationRule = @{ - notificationType = $Rule.AdditionalProperties.notificationType - recipientType = $Rule.AdditionalProperties.recipientType - notificationLevel = $Rule.AdditionalProperties.notificationLevel + notificationType = $Rule.AdditionalProperties.notificationType + recipientType = $Rule.AdditionalProperties.recipientType + notificationLevel = $Rule.AdditionalProperties.notificationLevel isDefaultRecipientsEnabled = $Rule.AdditionalProperties.isDefaultRecipientsEnabled - notificationRecipients = [array]$Rule.AdditionalProperties.notificationRecipients + notificationRecipients = [array]$Rule.AdditionalProperties.notificationRecipients } $values.Add('notificationRule', $notificationRule) } - if($values.ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyEnablementRule') + if ($values.ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyEnablementRule') { $enablementRule = @{ enabledRules = [array]$Rule.AdditionalProperties.enabledRules @@ -766,13 +770,13 @@ function Get-M365DSCRoleManagementPolicyRuleObject $values.Add('enablementRule', $enablementRule) } - if($values.ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyApprovalRule') + if ($values.ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyApprovalRule') { $approvalStages = @() - foreach($stage in $Rule.AdditionalProperties.setting.approvalStages) + foreach ($stage in $Rule.AdditionalProperties.setting.approvalStages) { $primaryApprovers = @() - foreach($approver in $stage.primaryApprovers) + foreach ($approver in $stage.primaryApprovers) { $primaryApprover = @{ odataType = $approver.$odataType @@ -781,7 +785,7 @@ function Get-M365DSCRoleManagementPolicyRuleObject } $escalationApprovers = @() - foreach($approver in $stage.escalationApprovers) + foreach ($approver in $stage.escalationApprovers) { $escalationApprover = @{ odataType = $approver.$odataType @@ -790,22 +794,22 @@ function Get-M365DSCRoleManagementPolicyRuleObject } $approvalStage = @{ - approvalStageTimeOutInDays = $stage.approvalStageTimeOutInDays - escalationTimeInMinutes = $stage.escalationTimeInMinutes + approvalStageTimeOutInDays = $stage.approvalStageTimeOutInDays + escalationTimeInMinutes = $stage.escalationTimeInMinutes isApproverJustificationRequired = $stage.isApproverJustificationRequired - isEscalationEnabled = $stage.isEscalationEnabled - escalationApprovers = [array]$escalationApprovers - primaryApprovers = [array]$primaryApprovers + isEscalationEnabled = $stage.isEscalationEnabled + escalationApprovers = [array]$escalationApprovers + primaryApprovers = [array]$primaryApprovers } $approvalStages += $approvalStage } $setting = @{ - approvalMode = $Rule.AdditionalProperties.setting.approvalMode; - isApprovalRequired = $Rule.AdditionalProperties.setting.isApprovalRequired - isApprovalRequiredForExtension = $Rule.AdditionalProperties.setting.isApprovalRequiredForExtension + approvalMode = $Rule.AdditionalProperties.setting.approvalMode + isApprovalRequired = $Rule.AdditionalProperties.setting.isApprovalRequired + isApprovalRequiredForExtension = $Rule.AdditionalProperties.setting.isApprovalRequiredForExtension isRequestorJustificationRequired = $Rule.AdditionalProperties.setting.isRequestorJustificationRequired - approvalStages = [array]$approvalStages + approvalStages = [array]$approvalStages } $approvalRule = @{ setting = $setting @@ -813,10 +817,10 @@ function Get-M365DSCRoleManagementPolicyRuleObject $values.Add('approvalRule', $approvalRule) } - if($values.ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule') + if ($values.ruleType -eq '#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule') { $authenticationContextRule = @{ - isEnabled = $Rule.AdditionalProperties.isEnabled + isEnabled = $Rule.AdditionalProperties.isEnabled claimValue = $Rule.AdditionalProperties.claimValue } $values.Add('authenticationContextRule', $authenticationContextRule) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/MSFT_AADRoleManagementPolicyRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/MSFT_AADRoleManagementPolicyRule.schema.mof index 26d8fff818..09b5121d61 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/MSFT_AADRoleManagementPolicyRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/MSFT_AADRoleManagementPolicyRule.schema.mof @@ -23,7 +23,7 @@ class MSFT_AADRoleManagementPolicyEnablementRule }; [ClassVersion("1.0.0.0")] -class MSFT_AADRoleManagementPolicySubjectSet +class MSFT_AADRoleManagementPolicySubjectSet { [Write, Description("The type of the subject set.")] String odataType; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/settings.json index c9d3df95e9..0df5763863 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleManagementPolicyRule/settings.json @@ -1,51 +1,50 @@ { "resourceName": "AADRoleManagementPolicyRule", "description": "This resource configures an Azure AD Role Management Policy Rule.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "RoleManagementPolicy.Read.Directory" - }, - { - "name": "RoleManagement.Read.Directory" - }, - { - "name": "RoleManagement.Read.All" - } - ], - "update": [ - { - "name": "RoleManagementPolicy.ReadWrite.Directory" - }, - { - "name": "RoleManagement.ReadWrite.Directory" - } - ] - }, - "application": { - "read": [ - { - "name": "RoleManagementPolicy.Read.Directory" - }, - { - "name": "RoleManagement.Read.Directory" - }, - { - "name": "RoleManagement.Read.All" - } - ], - "update": [ - { - "name": "RoleManagementPolicy.ReadWrite.Directory" - }, - { - "name": "RoleManagement.ReadWrite.Directory" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "RoleManagementPolicy.Read.Directory" + }, + { + "name": "RoleManagement.Read.Directory" + }, + { + "name": "RoleManagement.Read.All" + } + ], + "update": [ + { + "name": "RoleManagementPolicy.ReadWrite.Directory" + }, + { + "name": "RoleManagement.ReadWrite.Directory" + } + ] + }, + "application": { + "read": [ + { + "name": "RoleManagementPolicy.Read.Directory" + }, + { + "name": "RoleManagement.Read.Directory" + }, + { + "name": "RoleManagement.Read.All" + } + ], + "update": [ + { + "name": "RoleManagementPolicy.ReadWrite.Directory" + }, + { + "name": "RoleManagement.ReadWrite.Directory" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index 43cd0c3f04..2af52a4d70 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -1459,7 +1459,7 @@ function Export-TargetResource } catch { - if ($_.ErrorDetails.Message -like "*The tenant needs to have Microsoft Entra*") + if ($_.ErrorDetails.Message -like '*The tenant needs to have Microsoft Entra*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) AAD Premium License is required to get the role." return '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 index cb79bf3233..dea562de05 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 @@ -156,7 +156,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $AADServicePrincipal = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $AADServicePrincipal = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } else { @@ -175,7 +175,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $AADServicePrincipal = $Script:exportedInstances | Where-Object -FilterScript {$_.AppId -eq $AppId} + $AADServicePrincipal = $Script:exportedInstances | Where-Object -FilterScript { $_.AppId -eq $AppId } } else { @@ -186,13 +186,13 @@ function Get-TargetResource if ($appInstance) { $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($appInstance.AppId)'" ` - -Expand 'AppRoleAssignedTo' + -Expand 'AppRoleAssignedTo' } } else { $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($AppId)'" ` - -Expand 'AppRoleAssignedTo' + -Expand 'AppRoleAssignedTo' } } } @@ -239,7 +239,8 @@ function Get-TargetResource [Array]$complexDelegatedPermissionClassifications = @() $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/servicePrincipals/$($AADServicePrincipal.Id)/delegatedPermissionClassifications" $permissionClassifications = Invoke-MgGraphRequest -Uri $Uri -Method Get - foreach ($permissionClassification in $permissionClassifications.Value){ + foreach ($permissionClassification in $permissionClassifications.Value) + { $hashtable = @{ classification = $permissionClassification.Classification permissionName = $permissionClassification.permissionName @@ -251,7 +252,7 @@ function Get-TargetResource foreach ($currentkeyCredentials in $AADServicePrincipal.keyCredentials) { $mykeyCredentials = @{} - if($null -ne $currentkeyCredentials.customKeyIdentifier) + if ($null -ne $currentkeyCredentials.customKeyIdentifier) { $mykeyCredentials.Add('CustomKeyIdentifier', [convert]::ToBase64String($currentkeyCredentials.customKeyIdentifier)) } @@ -263,7 +264,7 @@ function Get-TargetResource $mykeyCredentials.Add('KeyId', $currentkeyCredentials.keyId) - if($null -ne $currentkeyCredentials.Key) + if ($null -ne $currentkeyCredentials.Key) { $mykeyCredentials.Add('Key', [convert]::ToBase64String($currentkeyCredentials.key)) } @@ -274,7 +275,7 @@ function Get-TargetResource } $mykeyCredentials.Add('Type', $currentkeyCredentials.type) $mykeyCredentials.Add('Usage', $currentkeyCredentials.usage) - if ($mykeyCredentials.values.Where({$null -ne $_}).Count -gt 0) + if ($mykeyCredentials.values.Where({ $null -ne $_ }).Count -gt 0) { $complexKeyCredentials += $mykeyCredentials } @@ -295,14 +296,15 @@ function Get-TargetResource { $mypasswordCredentials.Add('StartDateTime', ([DateTimeOffset]$currentpasswordCredentials.startDateTime).ToString('o')) } - if ($mypasswordCredentials.values.Where({$null -ne $_}).Count -gt 0) + if ($mypasswordCredentials.values.Where({ $null -ne $_ }).Count -gt 0) { $complexPasswordCredentials += $mypasswordCredentials } } $complexCustomSecurityAttributes = [Array](Get-CustomSecurityAttributes -ServicePrincipalId $AADServicePrincipal.Id) - if ($null -eq $complexCustomSecurityAttributes) { + if ($null -eq $complexCustomSecurityAttributes) + { $complexCustomSecurityAttributes = @() } @@ -517,9 +519,12 @@ function Set-TargetResource $currentParameters.Remove('Owners') | Out-Null # update the custom security attributes to be cmdlet comsumable - if ($null -ne $currentParameters.CustomSecurityAttributes -and $currentParameters.CustomSecurityAttributes -gt 0) { + if ($null -ne $currentParameters.CustomSecurityAttributes -and $currentParameters.CustomSecurityAttributes -gt 0) + { $currentParameters.CustomSecurityAttributes = Get-M365DSCAADServicePrincipalCustomSecurityAttributesAsCmdletHashtable -CustomSecurityAttributes $currentParameters.CustomSecurityAttributes - } else { + } + else + { $currentParameters.Remove('CustomSecurityAttributes') } @@ -555,8 +560,10 @@ function Set-TargetResource } # Adding delegated permissions classifications - if($null -ne $DelegatedPermissionClassifications){ - foreach ($permissionClassification in $DelegatedPermissionClassifications){ + if ($null -ne $DelegatedPermissionClassifications) + { + foreach ($permissionClassification in $DelegatedPermissionClassifications) + { $params = @{ classification = $permissionClassification.Classification permissionName = $permissionClassification.permissionName @@ -588,7 +595,8 @@ function Set-TargetResource } #removing the current custom security attributes - if ($currentAADServicePrincipal.CustomSecurityAttributes.Count -gt 0) { + if ($currentAADServicePrincipal.CustomSecurityAttributes.Count -gt 0) + { $currentAADServicePrincipal.CustomSecurityAttributes = Get-M365DSCAADServicePrincipalCustomSecurityAttributesAsCmdletHashtable -CustomSecurityAttributes $currentAADServicePrincipal.CustomSecurityAttributes -GetForDelete $true $CSAParams = @{ customSecurityAttributes = $currentAADServicePrincipal.CustomSecurityAttributes @@ -600,7 +608,7 @@ function Set-TargetResource if ($IdentifierUris) { - Write-Verbose -Message "Updating the Application ID Uri on the application instance." + Write-Verbose -Message 'Updating the Application ID Uri on the application instance.' $appInstance = Get-MgApplication -Filter "AppId eq '$AppId'" Update-MgApplication -ApplicationId $appInstance.Id -IdentifierUris $IdentifierUris } @@ -610,8 +618,8 @@ function Set-TargetResource [Array]$desiredPrincipals = $AppRoleAssignedTo.Identity [Array]$differences = Compare-Object -ReferenceObject $currentPrincipals -DifferenceObject $desiredPrincipals - [Array]$membersToAdd = $differences | Where-Object -FilterScript {$_.SideIndicator -eq '=>'} - [Array]$membersToRemove = $differences | Where-Object -FilterScript {$_.SideIndicator -eq '<='} + [Array]$membersToAdd = $differences | Where-Object -FilterScript { $_.SideIndicator -eq '=>' } + [Array]$membersToRemove = $differences | Where-Object -FilterScript { $_.SideIndicator -eq '<=' } if ($differences.Count -gt 0) { @@ -627,7 +635,7 @@ function Set-TargetResource } foreach ($member in $membersToAdd) { - $assignment = $AppRoleAssignedToValues | Where-Object -FilterScript {$_.Identity -eq $member.InputObject} + $assignment = $AppRoleAssignedToValues | Where-Object -FilterScript { $_.Identity -eq $member.InputObject } if ($assignment.PrincipalType -eq 'User') { Write-Verbose -Message "Retrieving user {$($assignment.Identity)}" @@ -644,7 +652,7 @@ function Set-TargetResource $bodyParam = @{ principalId = $PrincipalIdValue resourceId = $currentAADServicePrincipal.ObjectID - appRoleId = "00000000-0000-0000-0000-000000000000" + appRoleId = '00000000-0000-0000-0000-000000000000' } Write-Verbose -Message "Adding member {$($member.InputObject.ToString())}" New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $currentAADServicePrincipal.ObjectID ` @@ -664,7 +672,7 @@ function Set-TargetResource } foreach ($member in $membersToRemove) { - $assignment = $AppRoleAssignedToValues | Where-Object -FilterScript {$_.Identity -eq $member.InputObject} + $assignment = $AppRoleAssignedToValues | Where-Object -FilterScript { $_.Identity -eq $member.InputObject } if ($assignment.PrincipalType -eq 'User') { Write-Verbose -Message "Retrieving user {$($assignment.Identity)}" @@ -680,7 +688,7 @@ function Set-TargetResource Write-Verbose -Message "PrincipalID Value = '$PrincipalIdValue'" Write-Verbose -Message "ServicePrincipalId = '$($currentAADServicePrincipal.ObjectID)'" $allAssignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $currentAADServicePrincipal.ObjectID - $assignmentToRemove = $allAssignments | Where-Object -FilterScript {$_.PrincipalId -eq $PrincipalIdValue} + $assignmentToRemove = $allAssignments | Where-Object -FilterScript { $_.PrincipalId -eq $PrincipalIdValue } Write-Verbose -Message "Removing member {$($member.InputObject.ToString())}" Remove-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $currentAADServicePrincipal.ObjectID ` -AppRoleAssignmentId $assignmentToRemove.Id | Out-Null @@ -689,7 +697,7 @@ function Set-TargetResource } } - Write-Verbose -Message "Checking if owners need to be updated..." + Write-Verbose -Message 'Checking if owners need to be updated...' if ($null -ne $Owners) { @@ -705,29 +713,31 @@ function Set-TargetResource } Write-Verbose -Message "Adding owner {$($userInfo.Id)}" New-MgServicePrincipalOwnerByRef -ServicePrincipalId $currentAADServicePrincipal.ObjectId ` - -BodyParameter $body | Out-Null + -BodyParameter $body | Out-Null } else { Write-Verbose -Message "Removing owner {$($userInfo.Id)}" Remove-MgServicePrincipalOwnerByRef -ServicePrincipalId $currentAADServicePrincipal.ObjectId ` - -DirectoryObjectId $userInfo.Id | Out-Null + -DirectoryObjectId $userInfo.Id | Out-Null } } - Write-Verbose -Message "Checking if DelegatedPermissionClassifications need to be updated..." + Write-Verbose -Message 'Checking if DelegatedPermissionClassifications need to be updated...' if ($null -ne $DelegatedPermissionClassifications) { # removing old perm classifications $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications" $permissionClassificationList = Invoke-MgGraphRequest -Uri $Uri -Method Get - foreach($permissionClassification in $permissionClassificationList.Value){ + foreach ($permissionClassification in $permissionClassificationList.Value) + { Invoke-MgGraphRequest -Uri "$($Uri)/$($permissionClassification.Id)" -Method Delete } # adding new perm classifications - foreach ($permissionClassification in $DelegatedPermissionClassifications){ + foreach ($permissionClassification in $DelegatedPermissionClassifications) + { $params = @{ classification = $permissionClassification.Classification permissionName = $permissionClassification.permissionName @@ -910,7 +920,8 @@ function Test-TargetResource { $testTargetResource = $false } - else { + else + { $ValuesToCheck.Remove($key) | Out-Null } } @@ -920,12 +931,12 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys ` - -IncludedDrifts $driftedParams + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys ` + -IncludedDrifts $driftedParams - if(-not $TestResult) + if (-not $TestResult) { $testTargetResource = $false } @@ -996,9 +1007,9 @@ function Export-TargetResource Write-Host "`r`n" -NoNewline $Script:ExportMode = $true [array] $Script:exportedInstances = Get-MgServicePrincipal -All:$true ` - -Filter $Filter ` - -Expand 'AppRoleAssignedTo' ` - -ErrorAction Stop + -Filter $Filter ` + -Expand 'AppRoleAssignedTo' ` + -ErrorAction Stop foreach ($AADServicePrincipal in $Script:exportedInstances) { if ($null -ne $Global:M365DSCExportResourceInstancesCount) @@ -1034,8 +1045,8 @@ function Export-TargetResource if ($null -ne $Results.KeyCredentials) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.KeyCredentials ` - -CIMInstanceName 'MicrosoftGraphkeyCredential' + -ComplexObject $Results.KeyCredentials ` + -CIMInstanceName 'MicrosoftGraphkeyCredential' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.KeyCredentials = $complexTypeStringResult @@ -1048,8 +1059,8 @@ function Export-TargetResource if ($null -ne $Results.PasswordCredentials) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.PasswordCredentials ` - -CIMInstanceName 'MicrosoftGraphpasswordCredential' + -ComplexObject $Results.PasswordCredentials ` + -CIMInstanceName 'MicrosoftGraphpasswordCredential' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.PasswordCredentials = $complexTypeStringResult @@ -1081,13 +1092,13 @@ function Export-TargetResource if ($null -ne $Results.KeyCredentials) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName "KeyCredentials" -IsCIMArray:$True + -ParameterName 'KeyCredentials' -IsCIMArray:$True } if ($null -ne $Results.PasswordCredentials) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName "PasswordCredentials" -IsCIMArray:$True + -ParameterName 'PasswordCredentials' -IsCIMArray:$True } if ($null -ne $Results.CustomSecurityAttributes) @@ -1136,38 +1147,46 @@ function Get-M365DSCAADServicePrincipalCustomSecurityAttributesAsCmdletHashtable # logic to update the custom security attributes to be cmdlet comsumable $updatedCustomSecurityAttributes = @{} - foreach ($attributeSet in $CustomSecurityAttributes) { + foreach ($attributeSet in $CustomSecurityAttributes) + { $attributeSetKey = $attributeSet.AttributeSetName $valuesHashtable = @{} $valuesHashtable.Add('@odata.type', '#Microsoft.DirectoryServices.CustomSecurityAttributeValue') - foreach ($attribute in $attributeSet.AttributeValues) { + foreach ($attribute in $attributeSet.AttributeValues) + { $attributeKey = $attribute.AttributeName # supply attributeName = $null in the body, if you want to delete this attribute - if ($GetForDelete -eq $true) { + if ($GetForDelete -eq $true) + { $valuesHashtable.Add($attributeKey, $null) continue } $odataKey = $attributeKey + '@odata.type' - if ($null -ne $attribute.StringArrayValue) { - $valuesHashtable.Add($odataKey, "#Collection(String)") + if ($null -ne $attribute.StringArrayValue) + { + $valuesHashtable.Add($odataKey, '#Collection(String)') $attributeValue = $attribute.StringArrayValue } - elseif ($null -ne $attribute.IntArrayValue) { - $valuesHashtable.Add($odataKey, "#Collection(Int32)") + elseif ($null -ne $attribute.IntArrayValue) + { + $valuesHashtable.Add($odataKey, '#Collection(Int32)') $attributeValue = $attribute.IntArrayValue } - elseif ($null -ne $attribute.StringValue) { - $valuesHashtable.Add($odataKey, "#String") + elseif ($null -ne $attribute.StringValue) + { + $valuesHashtable.Add($odataKey, '#String') $attributeValue = $attribute.StringValue } - elseif ($null -ne $attribute.IntValue) { - $valuesHashtable.Add($odataKey, "#Int32") + elseif ($null -ne $attribute.IntValue) + { + $valuesHashtable.Add($odataKey, '#Int32') $attributeValue = $attribute.IntValue } - elseif ($null -ne $attribute.BoolValue) { + elseif ($null -ne $attribute.BoolValue) + { $attributeValue = $attribute.BoolValue } @@ -1179,36 +1198,43 @@ function Get-M365DSCAADServicePrincipalCustomSecurityAttributesAsCmdletHashtable } # Function to create MSFT_AttributeValue -function Create-AttributeValue { +function Create-AttributeValue +{ param ( [string]$AttributeName, [object]$Value ) $attributeValue = @{ - AttributeName = $AttributeName + AttributeName = $AttributeName StringArrayValue = $null - IntArrayValue = $null - StringValue = $null - IntValue = $null - BoolValue = $null + IntArrayValue = $null + StringValue = $null + IntValue = $null + BoolValue = $null } # Handle different types of values - if ($Value -is [string]) { + if ($Value -is [string]) + { $attributeValue.StringValue = $Value } - elseif ($Value -is [System.Int32] -or $Value -is [System.Int64]) { + elseif ($Value -is [System.Int32] -or $Value -is [System.Int64]) + { $attributeValue.IntValue = $Value } - elseif ($Value -is [bool]) { + elseif ($Value -is [bool]) + { $attributeValue.BoolValue = $Value } - elseif ($Value -is [array]) { - if ($Value[0] -is [string]) { + elseif ($Value -is [array]) + { + if ($Value[0] -is [string]) + { $attributeValue.StringArrayValue = $Value } - elseif ($Value[0] -is [System.Int32] -or $Value[0] -is [System.Int64]) { + elseif ($Value[0] -is [System.Int32] -or $Value[0] -is [System.Int64]) + { $attributeValue.IntArrayValue = $Value } } @@ -1217,7 +1243,8 @@ function Create-AttributeValue { } -function Get-CustomSecurityAttributes { +function Get-CustomSecurityAttributes +{ [OutputType([System.Array])] param ( [String]$ServicePrincipalId @@ -1227,15 +1254,18 @@ function Get-CustomSecurityAttributes { $customSecurityAttributes = $customSecurityAttributes.customSecurityAttributes $newCustomSecurityAttributes = @() - foreach ($key in $customSecurityAttributes.Keys) { + foreach ($key in $customSecurityAttributes.Keys) + { $attributeSet = @{ AttributeSetName = $key AttributeValues = @() } - foreach ($attribute in $customSecurityAttributes[$key].Keys) { + foreach ($attribute in $customSecurityAttributes[$key].Keys) + { # Skip properties that end with '@odata.type' - if ($attribute -like "*@odata.type") { + if ($attribute -like '*@odata.type') + { continue } @@ -1276,23 +1306,28 @@ function Get-M365DSCAADServicePrincipalCustomSecurityAttributesAsString { $StringContent += " MSFT_AADServicePrincipalAttributeValue {`r`n" $StringContent += " AttributeName = '" + $attributeValue.AttributeName + "'`r`n" - if ($null -ne $attributeValue.BoolValue){ - $StringContent += " BoolValue = $" + $attributeValue.BoolValue + "`r`n" + if ($null -ne $attributeValue.BoolValue) + { + $StringContent += ' BoolValue = $' + $attributeValue.BoolValue + "`r`n" } - elseif ($null -ne $attributeValue.StringValue){ + elseif ($null -ne $attributeValue.StringValue) + { $StringContent += " StringValue = '" + $attributeValue.StringValue + "'`r`n" } - elseif ($null -ne $attributeValue.IntValue){ - $StringContent += " IntValue = " + $attributeValue.IntValue + "`r`n" + elseif ($null -ne $attributeValue.IntValue) + { + $StringContent += ' IntValue = ' + $attributeValue.IntValue + "`r`n" } - elseif ($null -ne $attributeValue.StringArrayValue){ - $StringContent += " StringArrayValue = @(" - $StringContent += ($attributeValue.StringArrayValue | ForEach-Object { "'$_'" }) -join "," + elseif ($null -ne $attributeValue.StringArrayValue) + { + $StringContent += ' StringArrayValue = @(' + $StringContent += ($attributeValue.StringArrayValue | ForEach-Object { "'$_'" }) -join ',' $StringContent += ")`r`n" } - elseif ($null -ne $attributeValue.IntArrayValue){ - $StringContent += " IntArrayValue = @(" - $StringContent += $attributeValue.IntArrayValue -join "," + elseif ($null -ne $attributeValue.IntArrayValue) + { + $StringContent += ' IntArrayValue = @(' + $StringContent += $attributeValue.IntArrayValue -join ',' $StringContent += ")`r`n" } $StringContent += " }`r`n" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 index 31ed6bb584..8dd43b269f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 @@ -17,7 +17,7 @@ function Get-TargetResource $DisplayName, [Parameter()] - [ValidateSet("AADSignup", "EmailOTP", "Microsoft", "MicrosoftAccount", "Google", "Amazon", "LinkedIn", "Facebook", "GitHub", "Twitter", "Weibo", "QQ", "WeChat")] + [ValidateSet('AADSignup', 'EmailOTP', 'Microsoft', 'MicrosoftAccount', 'Google', 'Amazon', 'LinkedIn', 'Facebook', 'GitHub', 'Twitter', 'Weibo', 'QQ', 'WeChat')] [System.String] $IdentityProviderType, @@ -76,7 +76,7 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' $getValue = Get-MgBetaIdentityProvider -Filter "Id eq '$ClientId'" ` - -ErrorAction SilentlyContinue | Where-Object -FilterScript {$_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.socialIdentityProvider'} + -ErrorAction SilentlyContinue | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.socialIdentityProvider' } if ($null -eq $getValue) { @@ -137,7 +137,7 @@ function Set-TargetResource $DisplayName, [Parameter()] - [ValidateSet("AADSignup", "EmailOTP", "Microsoft", "MicrosoftAccount", "Google", "Amazon", "LinkedIn", "Facebook", "GitHub", "Twitter", "Weibo", "QQ", "WeChat")] + [ValidateSet('AADSignup', 'EmailOTP', 'Microsoft', 'MicrosoftAccount', 'Google', 'Amazon', 'LinkedIn', 'Facebook', 'GitHub', 'Twitter', 'Weibo', 'QQ', 'WeChat')] [System.String] $IdentityProviderType, @@ -191,20 +191,20 @@ function Set-TargetResource $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters $AdditionalProperties = @{ - '@odata.type' = "microsoft.graph.socialIdentityProvider" + '@odata.type' = 'microsoft.graph.socialIdentityProvider' identityProviderType = $IdentityProviderType } - $BoundParameters.Add("AdditionalProperties", $AdditionalProperties) - $BoundParameters.Remove("IdentityProviderType") | Out-Null + $BoundParameters.Add('AdditionalProperties', $AdditionalProperties) + $BoundParameters.Remove('IdentityProviderType') | Out-Null if ($ClientId) { $BoundParameters.AdditionalProperties.Add('ClientId', $ClientId) - $BoundParameters.Remove("ClientId") | Out-Null + $BoundParameters.Remove('ClientId') | Out-Null } if ($ClientSecret) { $BoundParameters.AdditionalProperties.Add('ClientSecret', $ClientSecret) - $BoundParameters.Remove("ClientSecret") | Out-Null + $BoundParameters.Remove('ClientSecret') | Out-Null } if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { @@ -244,7 +244,7 @@ function Test-TargetResource $DisplayName, [Parameter()] - [ValidateSet("AADSignup", "EmailOTP", "Microsoft", "MicrosoftAccount", "Google", "Amazon", "LinkedIn", "Facebook", "GitHub", "Twitter", "Weibo", "QQ", "WeChat")] + [ValidateSet('AADSignup', 'EmailOTP', 'Microsoft', 'MicrosoftAccount', 'Google', 'Amazon', 'LinkedIn', 'Facebook', 'GitHub', 'Twitter', 'Weibo', 'QQ', 'WeChat')] [System.String] $IdentityProviderType, @@ -364,7 +364,7 @@ function Export-TargetResource try { - [array]$getValue = Get-MgBetaIdentityProvider -All -ErrorAction Stop | Where-Object -FilterScript {$_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.socialIdentityProvider'} + [array]$getValue = Get-MgBetaIdentityProvider -All -ErrorAction Stop | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.socialIdentityProvider' } $i = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 index ecf50fe040..72a39a5eec 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 @@ -216,7 +216,7 @@ function Set-TargetResource $currentParameters.Add('OrganizationId', $(Get-MgBetaOrganization).Id) try { - Write-Verbose -Message "Calling Update-MGBetaOrganization with parameters:" + Write-Verbose -Message 'Calling Update-MGBetaOrganization with parameters:' Write-Verbose -Message "$(Convert-M365DscHashtableToString -Hashtable $currentParameters)" Update-MgBetaOrganization @currentParameters } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 index d4131dd18c..288e5aea9c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 @@ -935,104 +935,104 @@ function Export-TargetResource ErrorAction = 'Stop' } $queryTypes = @{ - 'eq' = @('assignedPlans/any(a:a/capabilityStatus)', - 'assignedPlans/any(a:a/service)', - 'assignedPlans/any(a:a/servicePlanId)', - 'authorizationInfo/certificateUserIds/any(p:p)', - 'businessPhones/any(p:p)', - 'companyName', - 'createdObjects/any(c:c/id)', - 'employeeHireDate', - 'employeeOrgData/costCenter', - 'employeeOrgData/division', - 'employeeType', - 'faxNumber', - 'mobilePhone', - 'officeLocation', - 'onPremisesExtensionAttributes/extensionAttribute1', - 'onPremisesExtensionAttributes/extensionAttribute10', - 'onPremisesExtensionAttributes/extensionAttribute11', - 'onPremisesExtensionAttributes/extensionAttribute12', - 'onPremisesExtensionAttributes/extensionAttribute13', - 'onPremisesExtensionAttributes/extensionAttribute14', - 'onPremisesExtensionAttributes/extensionAttribute15', - 'onPremisesExtensionAttributes/extensionAttribute2', - 'onPremisesExtensionAttributes/extensionAttribute3', - 'onPremisesExtensionAttributes/extensionAttribute4', - 'onPremisesExtensionAttributes/extensionAttribute5', - 'onPremisesExtensionAttributes/extensionAttribute6', - 'onPremisesExtensionAttributes/extensionAttribute7', - 'onPremisesExtensionAttributes/extensionAttribute8', - 'onPremisesExtensionAttributes/extensionAttribute9', - 'onPremisesSamAccountName', - 'passwordProfile/forceChangePasswordNextSignIn', - 'passwordProfile/forceChangePasswordNextSignInWithMfa', - 'postalCode', - 'preferredLanguage', - 'provisionedPlans/any(p:p/provisioningStatus)', - 'provisionedPlans/any(p:p/service)', - 'showInAddressList', - 'streetAddress') - - 'startsWith' = @( - 'assignedPlans/any(a:a/service)', - 'businessPhones/any(p:p)', - 'companyName', - 'faxNumber', - 'mobilePhone', - 'officeLocation', - 'onPremisesSamAccountName', - 'postalCode', - 'preferredLanguage', - 'provisionedPlans/any(p:p/service)', - 'streetAddress' - ) - 'ge' = @('employeeHireDate') - 'le' = @('employeeHireDate') - 'eq Null' = @( - 'city', - 'companyName', - 'country', - 'createdDateTime', - 'department', - 'displayName', - 'employeeId', - 'faxNumber', - 'givenName', - 'jobTitle', - 'mail', - 'mailNickname', - 'mobilePhone', - 'officeLocation', - 'onPremisesExtensionAttributes/extensionAttribute1', - 'onPremisesExtensionAttributes/extensionAttribute10', - 'onPremisesExtensionAttributes/extensionAttribute11', - 'onPremisesExtensionAttributes/extensionAttribute12', - 'onPremisesExtensionAttributes/extensionAttribute13', - 'onPremisesExtensionAttributes/extensionAttribute14', - 'onPremisesExtensionAttributes/extensionAttribute15', - 'onPremisesExtensionAttributes/extensionAttribute2', - 'onPremisesExtensionAttributes/extensionAttribute3', - 'onPremisesExtensionAttributes/extensionAttribute4', - 'onPremisesExtensionAttributes/extensionAttribute5', - 'onPremisesExtensionAttributes/extensionAttribute6', - 'onPremisesExtensionAttributes/extensionAttribute7', - 'onPremisesExtensionAttributes/extensionAttribute8', - 'onPremisesExtensionAttributes/extensionAttribute9', - 'onPremisesSecurityIdentifier', - 'onPremisesSyncEnabled', - 'passwordPolicies', - 'passwordProfile/forceChangePasswordNextSignIn', - 'passwordProfile/forceChangePasswordNextSignInWithMfa', - 'postalCode', - 'preferredLanguage', - 'state', - 'streetAddress', - 'surname', - 'usageLocation', - 'userType' - ) - } + 'eq' = @('assignedPlans/any(a:a/capabilityStatus)', + 'assignedPlans/any(a:a/service)', + 'assignedPlans/any(a:a/servicePlanId)', + 'authorizationInfo/certificateUserIds/any(p:p)', + 'businessPhones/any(p:p)', + 'companyName', + 'createdObjects/any(c:c/id)', + 'employeeHireDate', + 'employeeOrgData/costCenter', + 'employeeOrgData/division', + 'employeeType', + 'faxNumber', + 'mobilePhone', + 'officeLocation', + 'onPremisesExtensionAttributes/extensionAttribute1', + 'onPremisesExtensionAttributes/extensionAttribute10', + 'onPremisesExtensionAttributes/extensionAttribute11', + 'onPremisesExtensionAttributes/extensionAttribute12', + 'onPremisesExtensionAttributes/extensionAttribute13', + 'onPremisesExtensionAttributes/extensionAttribute14', + 'onPremisesExtensionAttributes/extensionAttribute15', + 'onPremisesExtensionAttributes/extensionAttribute2', + 'onPremisesExtensionAttributes/extensionAttribute3', + 'onPremisesExtensionAttributes/extensionAttribute4', + 'onPremisesExtensionAttributes/extensionAttribute5', + 'onPremisesExtensionAttributes/extensionAttribute6', + 'onPremisesExtensionAttributes/extensionAttribute7', + 'onPremisesExtensionAttributes/extensionAttribute8', + 'onPremisesExtensionAttributes/extensionAttribute9', + 'onPremisesSamAccountName', + 'passwordProfile/forceChangePasswordNextSignIn', + 'passwordProfile/forceChangePasswordNextSignInWithMfa', + 'postalCode', + 'preferredLanguage', + 'provisionedPlans/any(p:p/provisioningStatus)', + 'provisionedPlans/any(p:p/service)', + 'showInAddressList', + 'streetAddress') + + 'startsWith' = @( + 'assignedPlans/any(a:a/service)', + 'businessPhones/any(p:p)', + 'companyName', + 'faxNumber', + 'mobilePhone', + 'officeLocation', + 'onPremisesSamAccountName', + 'postalCode', + 'preferredLanguage', + 'provisionedPlans/any(p:p/service)', + 'streetAddress' + ) + 'ge' = @('employeeHireDate') + 'le' = @('employeeHireDate') + 'eq Null' = @( + 'city', + 'companyName', + 'country', + 'createdDateTime', + 'department', + 'displayName', + 'employeeId', + 'faxNumber', + 'givenName', + 'jobTitle', + 'mail', + 'mailNickname', + 'mobilePhone', + 'officeLocation', + 'onPremisesExtensionAttributes/extensionAttribute1', + 'onPremisesExtensionAttributes/extensionAttribute10', + 'onPremisesExtensionAttributes/extensionAttribute11', + 'onPremisesExtensionAttributes/extensionAttribute12', + 'onPremisesExtensionAttributes/extensionAttribute13', + 'onPremisesExtensionAttributes/extensionAttribute14', + 'onPremisesExtensionAttributes/extensionAttribute15', + 'onPremisesExtensionAttributes/extensionAttribute2', + 'onPremisesExtensionAttributes/extensionAttribute3', + 'onPremisesExtensionAttributes/extensionAttribute4', + 'onPremisesExtensionAttributes/extensionAttribute5', + 'onPremisesExtensionAttributes/extensionAttribute6', + 'onPremisesExtensionAttributes/extensionAttribute7', + 'onPremisesExtensionAttributes/extensionAttribute8', + 'onPremisesExtensionAttributes/extensionAttribute9', + 'onPremisesSecurityIdentifier', + 'onPremisesSyncEnabled', + 'passwordPolicies', + 'passwordProfile/forceChangePasswordNextSignIn', + 'passwordProfile/forceChangePasswordNextSignInWithMfa', + 'postalCode', + 'preferredLanguage', + 'state', + 'streetAddress', + 'surname', + 'usageLocation', + 'userType' + ) + } # Initialize a flag to indicate whether the filter conditions match the attribute support $allConditionsMatched = $true @@ -1041,12 +1041,16 @@ function Export-TargetResource # Assuming the provided PowerShell script is part of a larger context and the variable $Filter is defined elsewhere # Check if $Filter is not null - if ($Filter) { + if ($Filter) + { # Check each condition in the filter against the support list - foreach ($condition in $Filter.Split(' ')) { - if ($condition -match '(\w+)/(\w+):(\w+)') { + foreach ($condition in $Filter.Split(' ')) + { + if ($condition -match '(\w+)/(\w+):(\w+)') + { $attribute, $operation, $value = $matches[1], $matches[2], $matches[3] - if (-not $queryTypes.ContainsKey($operation) -or -not $queryTypes[$operation].Contains($attribute)) { + if (-not $queryTypes.ContainsKey($operation) -or -not $queryTypes[$operation].Contains($attribute)) + { $allConditionsMatched = $false break } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/settings.json index 193babc59d..d337017e0b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/settings.json @@ -52,7 +52,6 @@ { "name": "GroupMember.ReadWrite.All" } - ] }, "application": { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUserFlowAttribute/MSFT_AADUserFlowAttribute.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUserFlowAttribute/MSFT_AADUserFlowAttribute.psm1 index fe59ebd78f..bfdb34ae58 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUserFlowAttribute/MSFT_AADUserFlowAttribute.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUserFlowAttribute/MSFT_AADUserFlowAttribute.psm1 @@ -105,18 +105,18 @@ function Get-TargetResource { Write-Verbose -Message "Found configuration of user flow attribute $($DisplayName)" $result = @{ - Id = $UserFlowAttribute.Id - DisplayName = $UserFlowAttribute.DisplayName - Description = $UserFlowAttribute.Description - DataType = $UserFlowAttribute.DataType - Ensure = 'Present' - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - Credential = $Credential - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Id = $UserFlowAttribute.Id + DisplayName = $UserFlowAttribute.DisplayName + Description = $UserFlowAttribute.Description + DataType = $UserFlowAttribute.DataType + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + Credential = $Credential + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" return $result diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 index e986ac2baf..841db686a5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 @@ -58,7 +58,7 @@ function Get-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'AdminAPI' ` - -InboundParameters $PSBoundParameters + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -67,8 +67,8 @@ function Get-TargetResource $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters + -CommandName $CommandName ` + -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion @@ -82,7 +82,7 @@ function Get-TargetResource } else { - $uri = "https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities" + $uri = 'https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities' $response = Invoke-M365DSCVerifiedIdWebRequest -Uri $uri -Method 'GET' $instances = $response.value } @@ -91,25 +91,25 @@ function Get-TargetResource return $nullResult } - $instance = Get-M365DSCVerifiedIdAuthorityObject -Authority ($instances | Where-Object -FilterScript {$_.didModel.linkedDomainUrls[0] -eq $LinkedDomainUrl}) + $instance = Get-M365DSCVerifiedIdAuthorityObject -Authority ($instances | Where-Object -FilterScript { $_.didModel.linkedDomainUrls[0] -eq $LinkedDomainUrl }) if ($null -eq $instance) { return $nullResult } $results = @{ - Id = $instance.Id - Name = $instance.Name - LinkedDomainUrl = $instance.LinkedDomainUrl - DidMethod = $instance.DidMethod - KeyVaultMetadata = $instance.KeyVaultMetadata - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - AccessTokens = $AccessTokens + Id = $instance.Id + Name = $instance.Name + LinkedDomainUrl = $instance.LinkedDomainUrl + DidMethod = $instance.DidMethod + KeyVaultMetadata = $instance.KeyVaultMetadata + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results @@ -117,10 +117,10 @@ function Get-TargetResource catch { New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential return $nullResult } @@ -204,33 +204,33 @@ function Set-TargetResource Write-Verbose -Message "Retrieved current instance: $($currentInstance.Name) with Id $($currentInstance.Id)" $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - $uri = "https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities/" + $currentInstance.Id + $uri = 'https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities/' + $currentInstance.Id if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an VerifiedId Authority with Name {$Name} and Id $($currentInstance.Id)" $body = @{ - name = $Name - linkedDomainUrl = $LinkedDomainUrl - didMethod = $DidMethod - keyVaultMetadata = @{ + name = $Name + linkedDomainUrl = $LinkedDomainUrl + didMethod = $DidMethod + keyVaultMetadata = @{ subscriptionId = $KeyVaultMetadata.SubscriptionId - resourceGroup = $KeyVaultMetadata.ResourceGroup - resourceName = $KeyVaultMetadata.ResourceName - resourceUrl = $KeyVaultMetadata.ResourceUrl + resourceGroup = $KeyVaultMetadata.ResourceGroup + resourceName = $KeyVaultMetadata.ResourceName + resourceUrl = $KeyVaultMetadata.ResourceUrl } } Write-Verbose -Message "Creating VerifiedId Authority with body $($body | ConvertTo-Json -Depth 5)" - $uri = "https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities" + $uri = 'https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities' Invoke-M365DSCVerifiedIdWebRequest -Uri $uri -Method 'POST' -Body $body } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating an VerifiedId Authority with Name {$Name} and Id $($currentInstance.Id)" - Write-Warning -Message "You can only update Name of the VerifiedId Authority, if you want to update other properties, please delete and recreate the VerifiedId Authority." + Write-Warning -Message 'You can only update Name of the VerifiedId Authority, if you want to update other properties, please delete and recreate the VerifiedId Authority.' $body = @{ name = $Name } @@ -240,7 +240,7 @@ function Set-TargetResource { Write-Verbose -Message "Removing VerifiedId Authority with Name {$Name} and Id $($currentInstance.Id)" - $uri = "https://verifiedid.did.msidentity.com/beta/verifiableCredentials/authorities/" + $currentInstance.Id + $uri = 'https://verifiedid.did.msidentity.com/beta/verifiableCredentials/authorities/' + $currentInstance.Id Invoke-M365DSCVerifiedIdWebRequest -Uri $uri -Method 'DELETE' } } @@ -340,7 +340,8 @@ function Test-TargetResource Write-Verbose "TestResult returned False for $source" $testTargetResource = $false } - else { + else + { $ValuesToCheck.Remove($key) | Out-Null } } @@ -350,12 +351,12 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys ` - -IncludedDrifts $driftedParams + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys ` + -IncludedDrifts $driftedParams - if(-not $TestResult) + if (-not $TestResult) { $testTargetResource = $false } @@ -424,7 +425,7 @@ function Export-TargetResource try { $Script:ExportMode = $true - $uri = "https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities" + $uri = 'https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities' $response = Invoke-M365DSCVerifiedIdWebRequest -Uri $uri -Method 'GET' [array] $Script:exportedInstances = $response.value @@ -450,21 +451,21 @@ function Export-TargetResource if ($Results.Ensure -eq 'Present') { $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results + -Results $Results if ($null -ne $Results.KeyVaultMetadata) { $complexMapping = @( @{ - Name = 'KeyVaultMetadata' + Name = 'KeyVaultMetadata' CimInstanceName = 'AADVerifiedIdAuthorityKeyVaultMetadata' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.KeyVaultMetadata ` - -CIMInstanceName 'AADVerifiedIdAuthorityKeyVaultMetadata' ` - -ComplexTypeMapping $complexMapping + -ComplexObject $Results.KeyVaultMetadata ` + -CIMInstanceName 'AADVerifiedIdAuthorityKeyVaultMetadata' ` + -ComplexTypeMapping $complexMapping if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -478,19 +479,19 @@ function Export-TargetResource $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential if ($Results.KeyVaultMetadata) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KeyVaultMetadata" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'KeyVaultMetadata' -IsCIMArray:$False } $dscContent.Append($currentDSCBlock) | Out-Null Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName + -FileName $Global:PartialExportFileName Write-Host $Global:M365DSCEmojiGreenCheckMark $i++ } @@ -527,20 +528,20 @@ function Get-M365DSCVerifiedIdAuthorityObject } Write-Verbose -Message "Retrieving values for authority {$($Authority.didModel.linkedDomainUrls[0])}" - $did = ($Authority.didModel.did -split ":")[1] + $did = ($Authority.didModel.did -split ':')[1] $values = @{ - Id = $Authority.Id - Name = $Authority.Name - LinkedDomainUrl = $Authority.didModel.linkedDomainUrls[0] - DidMethod = $did + Id = $Authority.Id + Name = $Authority.Name + LinkedDomainUrl = $Authority.didModel.linkedDomainUrls[0] + DidMethod = $did } if ($null -ne $Authority.KeyVaultMetadata) { $KeyVaultMetadata = @{ SubscriptionId = $Authority.KeyVaultMetadata.SubscriptionId - ResourceGroup = $Authority.KeyVaultMetadata.ResourceGroup - ResourceName = $Authority.KeyVaultMetadata.ResourceName - ResourceUrl = $Authority.KeyVaultMetadata.ResourceUrl + ResourceGroup = $Authority.KeyVaultMetadata.ResourceGroup + ResourceName = $Authority.KeyVaultMetadata.ResourceName + ResourceUrl = $Authority.KeyVaultMetadata.ResourceUrl } $values.Add('KeyVaultMetadata', $KeyVaultMetadata) @@ -567,20 +568,21 @@ function Invoke-M365DSCVerifiedIdWebRequest ) $headers = @{ - Authorization = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken - "Content-Type" = "application/json" + Authorization = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken + 'Content-Type' = 'application/json' } - if($Method -eq 'PATCH' -or $Method -eq 'POST') + if ($Method -eq 'PATCH' -or $Method -eq 'POST') { - $BodyJson = $body | ConvertTo-Json + $BodyJson = $body | ConvertTo-Json $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -Body $BodyJson } - else { - $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers + else + { + $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers } - if($Method -eq 'DELETE') + if ($Method -eq 'DELETE') { return $null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.schema.mof index f22542ecdd..bafc19c954 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.schema.mof @@ -1,5 +1,5 @@ [ClassVersion("1.0.0")] -class MSFT_AADVerifiedIdAuthorityKeyVaultMetadata +class MSFT_AADVerifiedIdAuthorityKeyVaultMetadata { [Write, Description("Subscription ID of the Key Vault.")] String SubscriptionId; [Write, Description("Resource group of the Key Vault.")] String ResourceGroup; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/settings.json index cf3ac1ac16..4688a09823 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/settings.json @@ -1,17 +1,16 @@ { "resourceName": "AADVerifiedIdAuthority", "description": "This resource configures an Azure AD Verified Identity Authority.", - "permissions": { - "graph": { - "delegated": { - "read": [], - "update": [] - }, - "application": { - "read": [], - "update": [] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 index 1282f29af5..798db5e0fb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 @@ -63,7 +63,7 @@ function Get-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'AdminAPI' ` - -InboundParameters $PSBoundParameters + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -72,8 +72,8 @@ function Get-TargetResource $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters + -CommandName $CommandName ` + -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion @@ -87,14 +87,14 @@ function Get-TargetResource } else { - $uri = "https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities" + $uri = 'https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities' $response = Invoke-M365DSCVerifiedIdWebRequest -Uri $uri -Method 'GET' $authorities = $response.value if ($null -eq $authorities) { return $nullResult } - $authority = Get-M365DSCVerifiedIdAuthorityObject -Authority ($authorities | Where-Object -FilterScript {$_.didModel.linkedDomainUrls[0] -eq $linkedDomainUrl}) + $authority = Get-M365DSCVerifiedIdAuthorityObject -Authority ($authorities | Where-Object -FilterScript { $_.didModel.linkedDomainUrls[0] -eq $linkedDomainUrl }) if ($null -eq $authority) { @@ -110,26 +110,26 @@ function Get-TargetResource return $nullResult } - $contract = Get-M365DSCVerifiedIdAuthorityContractObject -Contract ($contracts | Where-Object -FilterScript {$_.name -eq $name}) + $contract = Get-M365DSCVerifiedIdAuthorityContractObject -Contract ($contracts | Where-Object -FilterScript { $_.name -eq $name }) if ($null -eq $contract) { return $nullResult } $results = @{ - id = $contract.id - name = $contract.name - linkedDomainUrl = $linkedDomainUrl - authorityId = $authority.Id - displays = $contract.displays - rules = $contract.rules - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - AccessTokens = $AccessTokens + id = $contract.id + name = $contract.name + linkedDomainUrl = $linkedDomainUrl + authorityId = $authority.Id + displays = $contract.displays + rules = $contract.rules + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results @@ -137,10 +137,10 @@ function Get-TargetResource catch { New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential return $nullResult } @@ -231,11 +231,11 @@ function Set-TargetResource $rulesHashmap = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $rules $displaysHashmap = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $displays - if($rulesHashmap.attestations.idTokens -ne $null) + if ($rulesHashmap.attestations.idTokens -ne $null) { - foreach($idToken in $rulesHashmap.attestations.idTokens) + foreach ($idToken in $rulesHashmap.attestations.idTokens) { - if($idToken.scopeValue -ne $null) + if ($idToken.scopeValue -ne $null) { $idToken.Add('scope', $idToken.scopeValue) $idToken.Remove('scopeValue') | Out-Null @@ -245,16 +245,16 @@ function Set-TargetResource } $body = @{ - name = $Name - rules = $rulesHashmap + name = $Name + rules = $rulesHashmap displays = $displaysHashmap } if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - $uri = "https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities" + $uri = 'https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities' $response = Invoke-M365DSCVerifiedIdWebRequest -Uri $uri -Method 'GET' $authorities = $response.value - $authority = Get-M365DSCVerifiedIdAuthorityObject -Authority ($authorities | Where-Object -FilterScript {$_.didModel.linkedDomainUrls[0] -eq $linkedDomainUrl}) + $authority = Get-M365DSCVerifiedIdAuthorityObject -Authority ($authorities | Where-Object -FilterScript { $_.didModel.linkedDomainUrls[0] -eq $linkedDomainUrl }) Write-Verbose -Message "Creating an VerifiedId Authority Contract with Name {$name} for Authority Id $($authority.Id)" @@ -270,7 +270,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Warning -Message "Removal of Contracts is not supported" + Write-Warning -Message 'Removal of Contracts is not supported' } } @@ -374,7 +374,8 @@ function Test-TargetResource Write-Verbose "TestResult returned False for $source" $testTargetResource = $false } - else { + else + { $ValuesToCheck.Remove($key) | Out-Null } } @@ -384,12 +385,12 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys ` - -IncludedDrifts $driftedParams + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys ` + -IncludedDrifts $driftedParams - if(-not $TestResult) + if (-not $TestResult) { $testTargetResource = $false } @@ -458,7 +459,7 @@ function Export-TargetResource try { $Script:ExportMode = $true - $uri = "https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities" + $uri = 'https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities' $response = Invoke-M365DSCVerifiedIdWebRequest -Uri $uri -Method 'GET' [array] $authorities = $response.value @@ -471,7 +472,7 @@ function Export-TargetResource $response = Invoke-M365DSCVerifiedIdWebRequest -Uri $uri -Method 'GET' $contracts = $response.value - foreach($contract in $contracts) + foreach ($contract in $contracts) { $Script:exportedInstances += $contract @@ -498,41 +499,41 @@ function Export-TargetResource if ($Results.Ensure -eq 'Present') { $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results + -Results $Results if ($null -ne $Results.displays) { $complexMapping = @( @{ - Name = 'displays' + Name = 'displays' CimInstanceName = 'AADVerifiedIdAuthorityContractDisplayModel' - IsRequired = $False + IsRequired = $False } @{ - Name = 'logo' + Name = 'logo' CimInstanceName = 'AADVerifiedIdAuthorityContractDisplayCredentialLogo' - IsRequired = $False + IsRequired = $False } @{ - Name = 'card' + Name = 'card' CimInstanceName = 'AADVerifiedIdAuthorityContractDisplayCard' - IsRequired = $False + IsRequired = $False } @{ - Name = 'consent' + Name = 'consent' CimInstanceName = 'AADVerifiedIdAuthorityContractDisplayConsent' - IsRequired = $False + IsRequired = $False } @{ - Name = 'claims' + Name = 'claims' CimInstanceName = 'AADVerifiedIdAuthorityContractDisplayClaims' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.displays ` - -CIMInstanceName 'AADVerifiedIdAuthorityContractDisplayModel' ` - -ComplexTypeMapping $complexMapping + -ComplexObject $Results.displays ` + -CIMInstanceName 'AADVerifiedIdAuthorityContractDisplayModel' ` + -ComplexTypeMapping $complexMapping if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -549,60 +550,60 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'rules' + Name = 'rules' CimInstanceName = 'AADVerifiedIdAuthorityContractRulesModel' - IsRequired = $False + IsRequired = $False } @{ - Name = 'attestations' + Name = 'attestations' CimInstanceName = 'AADVerifiedIdAuthorityContractAttestations' - IsRequired = $False + IsRequired = $False } @{ - Name = 'vc' + Name = 'vc' CimInstanceName = 'AADVerifiedIdAuthorityContractVcType' - IsRequired = $False + IsRequired = $False } @{ - Name = 'customStatusEndpoint' + Name = 'customStatusEndpoint' CimInstanceName = 'AADVerifiedIdAuthorityContractCustomStatusEndpoint' - IsRequired = $False + IsRequired = $False } @{ - Name = 'idTokenHints' + Name = 'idTokenHints' CimInstanceName = 'AADVerifiedIdAuthorityContractAttestationValues' - IsRequired = $False + IsRequired = $False } @{ - Name = 'idTokens' + Name = 'idTokens' CimInstanceName = 'AADVerifiedIdAuthorityContractAttestationValues' - IsRequired = $False + IsRequired = $False } @{ - Name = 'presentations' + Name = 'presentations' CimInstanceName = 'AADVerifiedIdAuthorityContractAttestationValues' - IsRequired = $False + IsRequired = $False } @{ - Name = 'selfIssued' + Name = 'selfIssued' CimInstanceName = 'AADVerifiedIdAuthorityContractAttestationValues' - IsRequired = $False + IsRequired = $False } @{ - Name = 'accessTokens' + Name = 'accessTokens' CimInstanceName = 'AADVerifiedIdAuthorityContractAttestationValues' - IsRequired = $False + IsRequired = $False } @{ - Name = 'mapping' + Name = 'mapping' CimInstanceName = 'AADVerifiedIdAuthorityContractClaimMapping' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.rules` - -CIMInstanceName 'AADVerifiedIdAuthorityContractRulesModel' ` - -ComplexTypeMapping $complexMapping + -ComplexObject $Results.rules` + -CIMInstanceName 'AADVerifiedIdAuthorityContractRulesModel' ` + -ComplexTypeMapping $complexMapping if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -616,24 +617,24 @@ function Export-TargetResource $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential if ($Results.displays) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "displays" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'displays' -IsCIMArray:$true } if ($Results.rules) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "rules" -IsCIMArray:$false + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'rules' -IsCIMArray:$false } $dscContent.Append($currentDSCBlock) | Out-Null Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName + -FileName $Global:PartialExportFileName Write-Host $Global:M365DSCEmojiGreenCheckMark $i++ } @@ -672,8 +673,8 @@ function Get-M365DSCVerifiedIdAuthorityContractObject Write-Verbose -Message "Retrieving values for contract {$($Contract.name)}" $values = @{ - id = $Contract.id - name = $Contract.name + id = $Contract.id + name = $Contract.name } if ($null -ne $Contract.displays) { @@ -686,27 +687,27 @@ function Get-M365DSCVerifiedIdAuthorityContractObject $claims += @{ claim = $claim.claim label = $claim.label - type = $claim.type + type = $claim.type } } $displays += @{ - locale = $display.locale - card = @{ - title = $display.card.title - issuedBy = $display.card.issuedBy + locale = $display.locale + card = @{ + title = $display.card.title + issuedBy = $display.card.issuedBy backgroundColor = $display.card.backgroundColor - textColor = $display.card.textColor - logo = @{ - uri = $display.card.logo.uri + textColor = $display.card.textColor + logo = @{ + uri = $display.card.logo.uri description = $display.card.logo.description } - description = $display.card.description + description = $display.card.description } consent = @{ - title = $display.consent.title + title = $display.consent.title instructions = $display.consent.instructions } - claims = $claims + claims = $claims } } @@ -718,78 +719,78 @@ function Get-M365DSCVerifiedIdAuthorityContractObject { $rules = @{} $attestations = @{} - if($null -ne $Contract.rules.attestations.idTokenHints) + if ($null -ne $Contract.rules.attestations.idTokenHints) { $idTokenHints = @() - foreach($idTokenHint in $Contract.rules.attestations.idTokenHints) + foreach ($idTokenHint in $Contract.rules.attestations.idTokenHints) { $mapping = @() - foreach($map in $idTokenHint.mapping) + foreach ($map in $idTokenHint.mapping) { $mapping += @{ outputClaim = $map.outputClaim - inputClaim = $map.inputClaim - required = $map.required - indexed = $map.indexed - type = $map.type + inputClaim = $map.inputClaim + required = $map.required + indexed = $map.indexed + type = $map.type } } $idTokenHints += @{ - required = $idTokenHint.required - mapping = $mapping + required = $idTokenHint.required + mapping = $mapping trustedIssuers = $idTokenHint.trustedIssuers } } $attestations.Add('idTokenHints', $idTokenHints) } - if($null -ne $Contract.rules.attestations.idTokens) + if ($null -ne $Contract.rules.attestations.idTokens) { $idTokens = @() - foreach($idToken in $Contract.rules.attestations.idTokens) + foreach ($idToken in $Contract.rules.attestations.idTokens) { $mapping = @() - foreach($map in $idToken.mapping) + foreach ($map in $idToken.mapping) { $mapping += @{ outputClaim = $map.outputClaim - inputClaim = $map.inputClaim - required = $map.required - indexed = $map.indexed - type = $map.type + inputClaim = $map.inputClaim + required = $map.required + indexed = $map.indexed + type = $map.type } } $idTokens += @{ - required = $idToken.required - mapping = $mapping + required = $idToken.required + mapping = $mapping configuration = $idToken.configuration - clientId = $idToken.clientId - redirectUri = $idToken.redirectUri - scopeValue = $idToken.scope + clientId = $idToken.clientId + redirectUri = $idToken.redirectUri + scopeValue = $idToken.scope } } $attestations.Add('idTokens', $idTokens) } - if($null -ne $Contract.rules.attestations.presentations) + if ($null -ne $Contract.rules.attestations.presentations) { $presentations = @() - foreach($presentation in $Contract.rules.attestations.presentations) + foreach ($presentation in $Contract.rules.attestations.presentations) { $mapping = @() - foreach($map in $presentation.mapping) + foreach ($map in $presentation.mapping) { $mapping += @{ outputClaim = $map.outputClaim - inputClaim = $map.inputClaim - required = $map.required - indexed = $map.indexed - type = $map.type + inputClaim = $map.inputClaim + required = $map.required + indexed = $map.indexed + type = $map.type } } $presentations += @{ - required = $presentation.required - mapping = $mapping + required = $presentation.required + mapping = $mapping trustedIssuers = $presentation.trustedIssuers credentialType = $presentation.credentialType } @@ -797,49 +798,49 @@ function Get-M365DSCVerifiedIdAuthorityContractObject $attestations.Add('presentations', $presentations) } - if($null -ne $Contract.rules.attestations.selfIssued) + if ($null -ne $Contract.rules.attestations.selfIssued) { $mySelfIssueds = @() - foreach($mySelfIssued in $Contract.rules.attestations.selfIssued) + foreach ($mySelfIssued in $Contract.rules.attestations.selfIssued) { $mapping = @() - foreach($map in $mySelfIssued.mapping) + foreach ($map in $mySelfIssued.mapping) { $mapping += @{ outputClaim = $map.outputClaim - inputClaim = $map.inputClaim - required = $map.required - indexed = $map.indexed - type = $map.type + inputClaim = $map.inputClaim + required = $map.required + indexed = $map.indexed + type = $map.type } } $mySelfIssueds += @{ required = $mySelfIssued.required - mapping = $mapping + mapping = $mapping } } $attestations.Add('selfIssued', $mySelfIssueds) } - if($null -ne $Contract.rules.attestations.accessTokens) + if ($null -ne $Contract.rules.attestations.accessTokens) { $accessTokens = @() - foreach($accessToken in $Contract.rules.attestations.accessTokens) + foreach ($accessToken in $Contract.rules.attestations.accessTokens) { $mapping = @() - foreach($map in $accessToken.mapping) + foreach ($map in $accessToken.mapping) { $mapping += @{ outputClaim = $map.outputClaim - inputClaim = $map.inputClaim - required = $map.required - indexed = $map.indexed - type = $map.type + inputClaim = $map.inputClaim + required = $map.required + indexed = $map.indexed + type = $map.type } } $accessTokens += @{ required = $accessToken.required - mapping = $mapping + mapping = $mapping } } $attestations.Add('accessTokens', $accessTokens) @@ -848,8 +849,8 @@ function Get-M365DSCVerifiedIdAuthorityContractObject $rules.Add('attestations', $attestations) $rules.Add('vc', @{ - type = $Contract.rules.vc.type - }) + type = $Contract.rules.vc.type + }) $rules.Add('validityInterval', $Contract.rules.validityInterval) $values.Add('rules', $rules) @@ -874,20 +875,20 @@ function Get-M365DSCVerifiedIdAuthorityObject } Write-Verbose -Message "Retrieving values for authority {$($Authority.didModel.linkedDomainUrls[0])}" - $did = ($Authority.didModel.did -split ":")[1] + $did = ($Authority.didModel.did -split ':')[1] $values = @{ - Id = $Authority.Id - Name = $Authority.Name - LinkedDomainUrl = $Authority.didModel.linkedDomainUrls[0] - DidMethod = $did + Id = $Authority.Id + Name = $Authority.Name + LinkedDomainUrl = $Authority.didModel.linkedDomainUrls[0] + DidMethod = $did } if ($null -ne $Authority.KeyVaultMetadata) { $KeyVaultMetadata = @{ SubscriptionId = $Authority.KeyVaultMetadata.SubscriptionId - ResourceGroup = $Authority.KeyVaultMetadata.ResourceGroup - ResourceName = $Authority.KeyVaultMetadata.ResourceName - ResourceUrl = $Authority.KeyVaultMetadata.ResourceUrl + ResourceGroup = $Authority.KeyVaultMetadata.ResourceGroup + ResourceName = $Authority.KeyVaultMetadata.ResourceName + ResourceUrl = $Authority.KeyVaultMetadata.ResourceUrl } $values.Add('KeyVaultMetadata', $KeyVaultMetadata) @@ -914,20 +915,21 @@ function Invoke-M365DSCVerifiedIdWebRequest ) $headers = @{ - Authorization = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken - "Content-Type" = "application/json" + Authorization = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken + 'Content-Type' = 'application/json' } - if($Method -eq 'PATCH' -or $Method -eq 'POST') + if ($Method -eq 'PATCH' -or $Method -eq 'POST') { $BodyJson = $body | ConvertTo-Json -Depth 10 $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -Body $BodyJson } - else { - $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers + else + { + $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers } - if($Method -eq 'DELETE') + if ($Method -eq 'DELETE') { return $null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/MSFT_ADOOrganizationOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/MSFT_ADOOrganizationOwner.psm1 index db746c4549..2302879004 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/MSFT_ADOOrganizationOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOOrganizationOwner/MSFT_ADOOrganizationOwner.psm1 @@ -61,7 +61,7 @@ function Get-TargetResource $uri = "https://vsaex.dev.azure.com/$OrganizationName/_apis/userentitlements?api-version=7.2-preview.4" $allUsers = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri - $ownerInfo = $allUsers.Items | Where-Object -FilterScript {$_.id -eq $organizationInfo.owner} + $ownerInfo = $allUsers.Items | Where-Object -FilterScript { $_.id -eq $organizationInfo.owner } $results = @{ OrganizationName = $OrganizationName @@ -140,17 +140,17 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Retrieving all users." + Write-Verbose -Message 'Retrieving all users.' $uri = "https://vsaex.dev.azure.com/$OrganizationName/_apis/userentitlements?api-version=7.2-preview.4" $allUsers = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri - $ownerInfo = $allUsers.items | Where-Object -FilterScript {$_.user.principalName -eq $Owner} + $ownerInfo = $allUsers.items | Where-Object -FilterScript { $_.user.principalName -eq $Owner } if ($null -ne $ownerInfo) { Write-Verbose -Message "Updating owner for organization {$OrganizationName} to {$($ownerInfo.id)}" $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Owner`",`"value`":`"$($ownerInfo.id)`"}]" - $uri ='https://vssps.dev.azure.com/O365DSC-Dev/_apis/Organization/Collections/Me?api-version=7.1-preview.1' + $uri = 'https://vssps.dev.azure.com/O365DSC-Dev/_apis/Organization/Collections/Me?api-version=7.1-preview.1' Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method PATCH -Body $body } else diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/MSFT_ADOPermissionGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/MSFT_ADOPermissionGroup.psm1 index ea47dd6dec..b09d2f4cca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/MSFT_ADOPermissionGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroup/MSFT_ADOPermissionGroup.psm1 @@ -90,12 +90,12 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Descriptor)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.descriptor -eq $Descriptor} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.descriptor -eq $Descriptor } } if ($null -eq $instance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.principalName -eq $PrincipalName} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.principalName -eq $PrincipalName } } } else @@ -104,11 +104,11 @@ function Get-TargetResource $allInstances = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).value if (-not [System.String]::IsNullOrEmpty($Descriptor)) { - $instance = $allInstances | Where-Object -FilterScript {$_.descriptor -eq $Descriptor} + $instance = $allInstances | Where-Object -FilterScript { $_.descriptor -eq $Descriptor } } if ($null -eq $instance) { - $instance = $allInstances | Where-Object -FilterScript {$_.principalName -eq $PrincipalName} + $instance = $allInstances | Where-Object -FilterScript { $_.principalName -eq $PrincipalName } } } if ($null -eq $instance) @@ -262,7 +262,7 @@ function Set-TargetResource elseif ($Level -eq 'Project') { $projectName = $PrincipalName.Split(']')[0] - $projectName = $projectName.Substring(1, $projectName.Length -1) + $projectName = $projectName.Substring(1, $projectName.Length - 1) $uri = "https://dev.azure.com/$($OrganizationName)/_apis/projects/$($ProjectName)?api-version=7.1" $response = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri $projectId = $response.id @@ -276,13 +276,13 @@ function Set-TargetResource $newGroup = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method POST -Body $body -ContentType 'application/json' } - Write-Host "NEWGROUP::: $($newGroup | fl * | Out-String)" + Write-Host "NEWGROUP::: $($newGroup | Format-List * | Out-String)" foreach ($member in $Members) { Write-Verbose -Message "Adding Member {$member} to group ${$PrincipalName}" Set-M365DSCADOPermissionGroupMember -OrganizationName $OrganizationName ` - -GroupId $newGroup.originId ` - -PrincipalName $member + -GroupId $newGroup.originId ` + -PrincipalName $member } } # UPDATE @@ -302,17 +302,17 @@ function Set-TargetResource { Write-Verbose -Message "Adding Member {$($diff.InputObject)} to group ${$PrincipalName}" Set-M365DSCADOPermissionGroupMember -OrganizationName $OrganizationName ` - -GroupId $currentInstance.Id ` - -PrincipalName $diff.InputObject ` - -Method 'PUT' + -GroupId $currentInstance.Id ` + -PrincipalName $diff.InputObject ` + -Method 'PUT' } else { Write-Verbose -Message "Removing Member {$($diff.InputObject)} to group ${$PrincipalName}" Set-M365DSCADOPermissionGroupMember -OrganizationName $OrganizationName ` - -GroupId $currentInstance.Id ` - -PrincipalName $diff.InputObject ` - -Method 'DELETE' + -GroupId $currentInstance.Id ` + -PrincipalName $diff.InputObject ` + -Method 'DELETE' } } } @@ -527,7 +527,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } - if (-not $config.principalName.StartsWith("[TEAM FOUNDATION]")) + if (-not $config.principalName.StartsWith('[TEAM FOUNDATION]')) { $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` @@ -587,7 +587,7 @@ function Set-M365DSCADOPermissionGroupMember $uri = "https://vsaex.dev.azure.com/$($OrganizationName)/_apis/userentitlements?api-version=7.2-preview.4" $Script:allUsers = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri } - $user = $Script:allUsers.items | Where-Object -FilterScript {$_.user.principalName -eq $PrincipalName} + $user = $Script:allUsers.items | Where-Object -FilterScript { $_.user.principalName -eq $PrincipalName } $UserId = $user.id $uri = "https://vsaex.dev.azure.com/$($OrganizationName)/_apis/GroupEntitlements/$($GroupId)/members/$($UserId)?api-version=5.0-preview.1" Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method $Method | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroupSettings/MSFT_ADOPermissionGroupSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroupSettings/MSFT_ADOPermissionGroupSettings.psm1 index c405642904..1c1a414033 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroupSettings/MSFT_ADOPermissionGroupSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOPermissionGroupSettings/MSFT_ADOPermissionGroupSettings.psm1 @@ -71,12 +71,12 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Descriptor)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.descriptor -eq $Descriptor} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.descriptor -eq $Descriptor } } if ($null -eq $instance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.principalName -eq $PrincipalName} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.principalName -eq $PrincipalName } } } else @@ -85,11 +85,11 @@ function Get-TargetResource $allInstances = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).value if (-not [System.String]::IsNullOrEmpty($Descriptor)) { - $instance = $allInstances | Where-Object -FilterScript {$_.descriptor -eq $Descriptor} + $instance = $allInstances | Where-Object -FilterScript { $_.descriptor -eq $Descriptor } } if ($null -eq $instance) { - $instance = $allInstances | Where-Object -FilterScript {$_.principalName -eq $PrincipalName} + $instance = $allInstances | Where-Object -FilterScript { $_.principalName -eq $PrincipalName } } } if ($null -eq $instance) @@ -216,21 +216,21 @@ function Set-TargetResource { $allowPermissionValue = 0 $denyPermissionValue = 0 - $allowPermissionsEntries = $AllowPermissions | Where-Object -FilterScript {$_.NamespaceId -eq $namespace.namespaceId} + $allowPermissionsEntries = $AllowPermissions | Where-Object -FilterScript { $_.NamespaceId -eq $namespace.namespaceId } foreach ($entry in $allowPermissionsEntries) { $allowPermissionValue += [Uint32]::Parse($entry.Bit) } - $denyPermissionsEntries = $DenyPermissions | Where-Object -FilterScript {$_.NamespaceId -eq $namespace.namespaceId} + $denyPermissionsEntries = $DenyPermissions | Where-Object -FilterScript { $_.NamespaceId -eq $namespace.namespaceId } foreach ($entry in $denyPermissionsEntries) { $denyPermissionValue += [Uint32]::Parse($entry.Bit) } $updateParams = @{ - merge = $false - token = $namespace.token + merge = $false + token = $namespace.token accessControlEntries = @( @{ descriptor = $descriptor @@ -244,9 +244,9 @@ function Set-TargetResource $body = ConvertTo-Json $updateParams -Depth 10 -Compress Write-Verbose -Message "Updating with payload:`r`n$body" Invoke-M365DSCAzureDevOPSWebRequest -Method POST ` - -Uri $uri ` - -Body $body ` - -ContentType 'application/json' + -Uri $uri ` + -Body $body ` + -ContentType 'application/json' } } @@ -320,10 +320,10 @@ function Test-TargetResource $testResult = $true foreach ($permission in $AllowPermissions) { - $instance = $CurrentValues.AllowPermissions | Where-Object -FilterScript {$_.Token -eq $permission.Token -and ` - $_.DisplayName -eq $permission.DisplayName -and ` - $_.Bit -eq $permission.Bit -and ` - $_.NamespaceId -eq $permission.NamespaceId} + $instance = $CurrentValues.AllowPermissions | Where-Object -FilterScript { $_.Token -eq $permission.Token -and ` + $_.DisplayName -eq $permission.DisplayName -and ` + $_.Bit -eq $permission.Bit -and ` + $_.NamespaceId -eq $permission.NamespaceId } if ($null -eq $instance) { $testResult = $false @@ -333,10 +333,10 @@ function Test-TargetResource foreach ($permission in $DenyPermissions) { - $instance = $CurrentValues.DenyPermissions | Where-Object -FilterScript {$_.Token -eq $permission.Token -and ` - $_.DisplayName -eq $permission.DisplayName -and ` - $_.Bit -eq $permission.Bit -and ` - $_.NamespaceId -eq $permission.NamespaceId} + $instance = $CurrentValues.DenyPermissions | Where-Object -FilterScript { $_.Token -eq $permission.Token -and ` + $_.DisplayName -eq $permission.DisplayName -and ` + $_.Bit -eq $permission.Bit -and ` + $_.NamespaceId -eq $permission.NamespaceId } if ($null -eq $instance) { $testResult = $false @@ -466,7 +466,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } - if (-not $config.principalName.StartsWith("[TEAM FOUNDATION]")) + if (-not $config.principalName.StartsWith('[TEAM FOUNDATION]')) { $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` @@ -545,7 +545,7 @@ function Get-M365DSCADOGroupPermission { $uri = "https://vssps.dev.azure.com/$($OrganizationName)/_apis/graph/groups?api-version=7.1-preview.1" $groupInfo = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri - $mygroup = $groupInfo.value | Where-Object -FilterScript {$_.principalName -eq $GroupName} + $mygroup = $groupInfo.value | Where-Object -FilterScript { $_.principalName -eq $GroupName } $uri = "https://vssps.dev.azure.com/$($OrganizationName)/_apis/identities?subjectDescriptors=$($mygroup.descriptor)&api-version=7.2-preview.1" $info = Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri @@ -590,11 +590,11 @@ function Get-M365DSCADOGroupPermission $bitMaskPositionsFound += $value } - } while($position -ge 0 -and ($position+1) -le $allowBinary.Length) + } while ($position -ge 0 -and ($position + 1) -le $allowBinary.Length) foreach ($bitmask in $bitMaskPositionsFound) { - $associatedAction = $namespace.actions | Where-Object -FilterScript {[Convert]::ToString($_.bit,2) -eq $bitmask} + $associatedAction = $namespace.actions | Where-Object -FilterScript { [Convert]::ToString($_.bit, 2) -eq $bitmask } if (-not [System.String]::IsNullOrEmpty($associatedAction.displayName)) { $entry = @{ @@ -624,11 +624,11 @@ function Get-M365DSCADOGroupPermission $bitMaskPositionsFound += $value } - } while($position -ge 0 -and ($position+1) -le $denyBinary.Length) + } while ($position -ge 0 -and ($position + 1) -le $denyBinary.Length) foreach ($bitmask in $bitMaskPositionsFound) { - $associatedAction = $namespace.actions | Where-Object -FilterScript {[Convert]::ToString($_.bit,2) -eq $bitmask} + $associatedAction = $namespace.actions | Where-Object -FilterScript { [Convert]::ToString($_.bit, 2) -eq $bitmask } if (-not [System.String]::IsNullOrEmpty($associatedAction.displayName)) { $entry = @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.psm1 index 675182e6c3..37c748f884 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ADOSecurityPolicy/MSFT_ADOSecurityPolicy.psm1 @@ -87,31 +87,31 @@ function Get-TargetResource try { $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.DisallowAadGuestUserAccess?defaultValue" - $DisallowAadGuestUserAccessValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + $DisallowAadGuestUserAccessValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.DisallowOAuthAuthentication?defaultValue" - $DisallowOAuthAuthenticationValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + $DisallowOAuthAuthenticationValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.DisallowSecureShell?defaultValue" - $DisallowSecureShellValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + $DisallowSecureShellValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.LogAuditEvents?defaultValue" - $LogAuditEventsValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + $LogAuditEventsValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowAnonymousAccess?defaultValue" - $AllowAnonymousAccessValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + $AllowAnonymousAccessValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.ArtifactsExternalPackageProtectionToken?defaultValue" - $ArtifactsExternalPackageProtectionTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + $ArtifactsExternalPackageProtectionTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.EnforceAADConditionalAccess?defaultValue" - $EnforceAADConditionalAccessValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + $EnforceAADConditionalAccessValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowTeamAdminsInvitationsAccessToken?defaultValue" - $AllowTeamAdminsInvitationsAccessTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + $AllowTeamAdminsInvitationsAccessTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value $uri = "https://dev.azure.com/$($OrganizationName)/_apis/OrganizationPolicy/Policies/Policy.AllowRequestAccessToken?defaultValue" - $AllowRequestAccessTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -uri $uri).Value + $AllowRequestAccessTokenValue = (Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri).Value $results = @{ OrganizationName = $OrganizationName @@ -238,7 +238,7 @@ function Set-TargetResource $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($DisallowAadGuestUserAccess.ToString().ToLower())`"}]" Write-Verbose -Message "Updating DisallowAadGuestUserAccess policy with values: $($body)" - Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method 'PATCH' -Body $body } if ($PSBoundParameters.ContainsKey('DisallowOAuthAuthentication')) @@ -247,7 +247,7 @@ function Set-TargetResource $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($DisallowOAuthAuthentication.ToString().ToLower())`"}]" Write-Verbose -Message "Updating DisallowOAuthAuthentication policy with values: $($body)" - Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method 'PATCH' -Body $body } if ($PSBoundParameters.ContainsKey('DisallowSecureShell')) @@ -256,7 +256,7 @@ function Set-TargetResource $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($DisallowSecureShell.ToString().ToLower())`"}]" Write-Verbose -Message "Updating DisallowSecureShell policy with values: $($body)" - Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method 'PATCH' -Body $body } if ($PSBoundParameters.ContainsKey('LogAuditEvents')) @@ -265,7 +265,7 @@ function Set-TargetResource $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($LogAuditEvents.ToString().ToLower())`"}]" Write-Verbose -Message "Updating LogAuditEvents policy with values: $($body)" - Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method 'PATCH' -Body $body } if ($PSBoundParameters.ContainsKey('AllowAnonymousAccess')) @@ -274,7 +274,7 @@ function Set-TargetResource $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($AllowAnonymousAccess.ToString().ToLower())`"}]" Write-Verbose -Message "Updating AllowAnonymousAccess policy with values: $($body)" - Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method 'PATCH' -Body $body } if ($PSBoundParameters.ContainsKey('ArtifactsExternalPackageProtectionToken')) @@ -283,7 +283,7 @@ function Set-TargetResource $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($ArtifactsExternalPackageProtectionToken.ToString().ToLower())`"}]" Write-Verbose -Message "Updating ArtifactsExternalPackageProtectionToken policy with values: $($body)" - Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method 'PATCH' -Body $body } if ($PSBoundParameters.ContainsKey('EnforceAADConditionalAccess')) @@ -292,7 +292,7 @@ function Set-TargetResource $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($EnforceAADConditionalAccess.ToString().ToLower())`"}]" Write-Verbose -Message "Updating EnforceAADConditionalAccess policy with values: $($body)" - Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method 'PATCH' -Body $body } if ($PSBoundParameters.ContainsKey('AllowTeamAdminsInvitationsAccessToken')) @@ -301,7 +301,7 @@ function Set-TargetResource $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($AllowTeamAdminsInvitationsAccessToken.ToString().ToLower())`"}]" Write-Verbose -Message "Updating AllowTeamAdminsInvitationsAccessToken policy with values: $($body)" - Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method 'PATCH' -Body $body } if ($PSBoundParameters.ContainsKey('AllowRequestAccessToken')) @@ -310,7 +310,7 @@ function Set-TargetResource $body = "[{`"from`":`"`",`"op`":2,`"path`":`"/Value`",`"value`":`"$($AllowRequestAccessToken.ToString().ToLower())`"}]" Write-Verbose -Message "Updating AllowRequestAccessToken policy with values: $($body)" - Invoke-M365DSCAzureDevOPSWebRequest -uri $uri -Method 'PATCH' -Body $body + Invoke-M365DSCAzureDevOPSWebRequest -Uri $uri -Method 'PATCH' -Body $body } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountPolicy/MSFT_AzureBillingAccountPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountPolicy/MSFT_AzureBillingAccountPolicy.psm1 index 8b9275b11f..7453c2986d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountPolicy/MSFT_AzureBillingAccountPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountPolicy/MSFT_AzureBillingAccountPolicy.psm1 @@ -207,15 +207,15 @@ function Set-TargetResource authenticationType = $EnterpriseAgreementPolicies.authenticationType departmentAdminViewCharges = $EnterpriseAgreementPolicies.departmentAdminViewCharges } - marketplacePurchases = $MarketplacePurchases - reservationPurchases = $ReservationPurchases - savingsPlanPurchases = $SavingsPlanPurchases + marketplacePurchases = $MarketplacePurchases + reservationPurchases = $ReservationPurchases + savingsPlanPurchases = $SavingsPlanPurchases } } $payload = ConvertTo-Json $instanceParams -Depth 5 -Compress Write-Verbose -Message "Updating billing account policy for {$BillingAccount} with payload:`r`n$($payload)" $uri = "https://management.azure.com/providers/Microsoft.Billing/billingAccounts/$($BillingAccount)/policies/default?api-version=2024-04-01" - $response = Invoke-AzRest -Uri $uri -Method "PUT" -Payload $payload + $response = Invoke-AzRest -Uri $uri -Method 'PUT' -Payload $payload if (-not [System.String]::IsNullOrEmpty($response.Error)) { throw "Error: $($response.Error)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountScheduledAction/MSFT_AzureBillingAccountScheduledAction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountScheduledAction/MSFT_AzureBillingAccountScheduledAction.psm1 index 5eff8056b5..2fb447d83a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountScheduledAction/MSFT_AzureBillingAccountScheduledAction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountScheduledAction/MSFT_AzureBillingAccountScheduledAction.psm1 @@ -85,7 +85,7 @@ function Get-TargetResource $response = Invoke-AzRest -Uri $uri -Method GET $actions = (ConvertFrom-Json ($response.Content)).value - $instance = $actions | Where-Object -FilterScript {$_.properties.displayName -eq $DisplayName} + $instance = $actions | Where-Object -FilterScript { $_.properties.displayName -eq $DisplayName } if ($null -eq $instance) { @@ -225,8 +225,8 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $instanceParams = @{ - kind = "Email" - properties = @{ + kind = 'Email' + properties = @{ displayName = $DisplayName notificationEmail = $NotificationEmail notification = @{ @@ -234,7 +234,7 @@ function Set-TargetResource subject = $Notification.subject message = $Notification.message } - schedule = @{ + schedule = @{ frequency = $Schedule.frequency weeksOfMonth = $Schedule.weeksOfMonth daysOfWeek = $Schedule.daysOfWeek @@ -242,8 +242,8 @@ function Set-TargetResource endDate = $Schedule.endDate dayOfMonth = $Schedule.dayOfMonth } - viewId = $View - status = $Status + viewId = $View + status = $Status } } $payload = ConvertTo-Json $instanceParams -Depth 10 -Compress diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountsAssociatedTenant/MSFT_AzureBillingAccountsAssociatedTenant.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountsAssociatedTenant/MSFT_AzureBillingAccountsAssociatedTenant.psm1 index c769d49b29..1b5dbcd84f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountsAssociatedTenant/MSFT_AzureBillingAccountsAssociatedTenant.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountsAssociatedTenant/MSFT_AzureBillingAccountsAssociatedTenant.psm1 @@ -74,12 +74,12 @@ function Get-TargetResource try { $accounts = Get-M365DSCAzureBillingAccount - $currentAccount = $accounts.value | Where-Object -FilterScript {$_.properties.displayName -eq $BillingAccount} + $currentAccount = $accounts.value | Where-Object -FilterScript { $_.properties.displayName -eq $BillingAccount } if ($null -ne $currentAccount) { $instances = Get-M365DSCAzureBillingAccountsAssociatedTenant -BillingAccountId $currentAccount.Name -ErrorAction Stop - $instance = $instances.value | Where-Object -FilterScript {$_.properties.displayName -eq $DisplayName} + $instance = $instances.value | Where-Object -FilterScript { $_.properties.displayName -eq $DisplayName } } if ($null -eq $instance) { @@ -184,7 +184,7 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $billingAccounts = Get-M365DSCAzureBillingAccount - $account = $billingAccounts.value | Where-Object -FilterScript {$_.properties.displayName -eq $BillingAccount} + $account = $billingAccounts.value | Where-Object -FilterScript { $_.properties.displayName -eq $BillingAccount } $instanceParams = @{ properties = @{ @@ -198,24 +198,24 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Adding associated tenant {$AssociatedTenantId}" - New-M365DSCAzureBillingAccountsAssociatedTenant -BillingAccountId $account.Name ` - -AssociatedTenantId $AssociatedTenantId ` - -Body $instanceParams + New-M365DSCAzureBillingAccountsAssociatedTenant -BillingAccountId $account.Name ` + -AssociatedTenantId $AssociatedTenantId ` + -Body $instanceParams } # UPDATE elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating associated tenant {$AssociatedTenantId}" - New-M365DSCAzureBillingAccountsAssociatedTenant -BillingAccountId $account.Name ` - -AssociatedTenantId $AssociatedTenantId ` - -Body $instanceParams + New-M365DSCAzureBillingAccountsAssociatedTenant -BillingAccountId $account.Name ` + -AssociatedTenantId $AssociatedTenantId ` + -Body $instanceParams } # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing associated tenant {$AssociatedTenantId}" Remove-M365DSCAzureBillingAccountsAssociatedTenant -BillingAccountId $account.Name ` - -AssociatedTenantId $AssociatedTenantId + -AssociatedTenantId $AssociatedTenantId } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountsRoleAssignment/MSFT_AzureBillingAccountsRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountsRoleAssignment/MSFT_AzureBillingAccountsRoleAssignment.psm1 index e94068b043..8abaac7b00 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountsRoleAssignment/MSFT_AzureBillingAccountsRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureBillingAccountsRoleAssignment/MSFT_AzureBillingAccountsRoleAssignment.psm1 @@ -77,21 +77,21 @@ function Get-TargetResource try { $accounts = Get-M365DSCAzureBillingAccount - $currentAccount = $accounts.value | Where-Object -FilterScript {$_.properties.displayName -eq $BillingAccount} + $currentAccount = $accounts.value | Where-Object -FilterScript { $_.properties.displayName -eq $BillingAccount } if ($null -ne $currentAccount) { $instances = Get-M365DSCAzureBillingAccountsRoleAssignment -BillingAccountId $currentAccount.Name -ErrorAction Stop $PrincipalIdValue = Get-M365DSCPrincipalIdFromName -PrincipalName $PrincipalName ` - -PrincipalType $PrincipalType - $instance = $instances.value | Where-Object -FilterScript {$_.properties.principalId -eq $PrincipalIdValue} + -PrincipalType $PrincipalType + $instance = $instances.value | Where-Object -FilterScript { $_.properties.principalId -eq $PrincipalIdValue } if ($null -ne $instance) { $roleDefinitionId = $instance.properties.roleDefinitionId.Split('/') - $roleDefinitionId = $roleDefinitionId[$roleDefinitionId.Length -1] + $roleDefinitionId = $roleDefinitionId[$roleDefinitionId.Length - 1] $RoleDefinitionValue = Get-M365DSCAzureBillingAccountsRoleDefinition -BillingAccountId $currentAccount.Name ` - -RoleDefinitionId $roleDefinitionId + -RoleDefinitionId $roleDefinitionId } } if ($null -eq $instance) @@ -199,11 +199,11 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $billingAccounts = Get-M365DSCAzureBillingAccount - $account = $billingAccounts.value | Where-Object -FilterScript {$_.properties.displayName -eq $BillingAccount} + $account = $billingAccounts.value | Where-Object -FilterScript { $_.properties.displayName -eq $BillingAccount } $PrincipalIdValue = Get-M365DSCPrincipalIdFromName -PrincipalName $PrincipalName ` - -PrincipalType $PrincipalType + -PrincipalType $PrincipalType $RoleDefinitionValues = Get-M365DSCAzureBillingAccountsRoleDefinition -BillingAccountId $account.Name - $roleDefinitionInstance = $RoleDefinitionValues.value | Where-Object -FilterScript {$_.properties.roleName -eq $currentInstance.RoleDefinition} + $roleDefinitionInstance = $RoleDefinitionValues.value | Where-Object -FilterScript { $_.properties.roleName -eq $currentInstance.RoleDefinition } $instanceParams = @{ principalId = $PrincipalIdValue principalTenantId = $currentInstance.PrincipalTenantId @@ -214,25 +214,25 @@ function Set-TargetResource { Write-Verbose -Message "Adding new role assignment for user {$PrincipalName} for role {$RoleDefinition}" New-M365DSCAzureBillingAccountsRoleAssignment -BillingAccountId $account.Name ` - -Body $instanceParams + -Body $instanceParams } # UPDATE elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating role assignment for user {$PrincipalName} for role {$RoleDefinition}" New-M365DSCAzureBillingAccountsRoleAssignment -BillingAccountId $account.Name ` - -Body $instanceParams + -Body $instanceParams } # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { $instances = Get-M365DSCAzureBillingAccountsRoleAssignment -BillingAccountId $account.Name -ErrorAction Stop - $instance = $instances.value | Where-Object -FilterScript {$_.properties.principalId -eq $PrincipalIdValue} + $instance = $instances.value | Where-Object -FilterScript { $_.properties.principalId -eq $PrincipalIdValue } $AssignmentId = $instance.Id.Split('/') - $AssignmentId = $AssignmentId[$roleDefinitionId.Length -1] + $AssignmentId = $AssignmentId[$roleDefinitionId.Length - 1] Write-Verbose -Message "Removing role assignment for user {$PrincipalName} for role {$RoleDefinition}" Remove-M365DSCAzureBillingAccountsRoleAssignment -BillingAccountId $account.Name ` - -AssignmentId $AssignmentId + -AssignmentId $AssignmentId } } @@ -406,9 +406,9 @@ function Export-TargetResource } $PrincipalNameValue = Get-M365DSCPrincipalNameFromId -PrincipalId $assignment.properties.principalId ` - -PrincipalType $assignment.properties.principalType + -PrincipalType $assignment.properties.principalType $roleDefinitionId = $assignment.properties.roleDefinitionId.Split('/') - $roleDefinitionId = $roleDefinitionId[$roleDefinitionId.Length -1] + $roleDefinitionId = $roleDefinitionId[$roleDefinitionId.Length - 1] Write-Host " |---[$j/$($assignments.value.Length)] $($assignment.properties.principalId)" -NoNewline $params = @{ @@ -416,7 +416,7 @@ function Export-TargetResource PrincipalName = $PrincipalNameValue PrincipalType = $assignment.properties.principalType PrincipalTenantId = $assignment.properties.principalTenantId - RoleDefinition = "AnyRole" + RoleDefinition = 'AnyRole' Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureDiagnosticSettings/MSFT_AzureDiagnosticSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureDiagnosticSettings/MSFT_AzureDiagnosticSettings.psm1 index 80feadcbc8..c2397e5464 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureDiagnosticSettings/MSFT_AzureDiagnosticSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureDiagnosticSettings/MSFT_AzureDiagnosticSettings.psm1 @@ -83,14 +83,14 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.name -eq $Name} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.name -eq $Name } } else { $response = Invoke-AzRest -Uri 'https://management.azure.com/providers/microsoft.aadiam/diagnosticsettings?api-version=2017-04-01-preview' ` - -Method Get + -Method Get $instances = (ConvertFrom-Json $response.Content).value - $instance = $instances | Where-Object -FilterScript {$_.name -eq $Name} + $instance = $instances | Where-Object -FilterScript { $_.name -eq $Name } } if ($null -eq $instance) { @@ -215,9 +215,9 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $instanceParams = @{ - name = $Name + name = $Name properties = @{ - logs = @() + logs = @() } } @@ -263,15 +263,15 @@ function Set-TargetResource Write-Verbose -Message "Updating diagnostic setting {$Name}" } $response = Invoke-AzRest -Uri "https://management.azure.com/providers/microsoft.aadiam/diagnosticsettings/$($Name)?api-version=2017-04-01-preview" ` - -Method PUT ` - -Payload $payload + -Method PUT ` + -Payload $payload } # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing diagnostic setting {$Name}" $response = Invoke-AzRest -Uri "https://management.azure.com/providers/microsoft.aadiam/diagnosticsettings/$($Name)?api-version=2017-04-01-preview" ` - -Method DELETE + -Method DELETE } } @@ -447,7 +447,7 @@ function Export-TargetResource { $Script:ExportMode = $true $response = Invoke-AzRest -Uri 'https://management.azure.com/providers/microsoft.aadiam/diagnosticsettings?api-version=2017-04-01-preview' ` - -Method Get + -Method Get [array] $Script:exportedInstances = (ConvertFrom-Json $response.Content).value $i = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureDiagnosticSettingsCustomSecurityAttribute/MSFT_AzureDiagnosticSettingsCustomSecurityAttribute.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureDiagnosticSettingsCustomSecurityAttribute/MSFT_AzureDiagnosticSettingsCustomSecurityAttribute.psm1 index 6c98d19639..188bb86c70 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureDiagnosticSettingsCustomSecurityAttribute/MSFT_AzureDiagnosticSettingsCustomSecurityAttribute.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureDiagnosticSettingsCustomSecurityAttribute/MSFT_AzureDiagnosticSettingsCustomSecurityAttribute.psm1 @@ -83,14 +83,14 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.name -eq $Name} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.name -eq $Name } } else { $response = Invoke-AzRest -Uri 'https://management.azure.com/providers/microsoft.AadCustomSecurityAttributesDiagnosticSettings/diagnosticsettings?api-version=2017-04-01-preview' ` - -Method Get + -Method Get $instances = (ConvertFrom-Json $response.Content).value - $instance = $instances | Where-Object -FilterScript {$_.name -eq $Name} + $instance = $instances | Where-Object -FilterScript { $_.name -eq $Name } } if ($null -eq $instance) { @@ -215,9 +215,9 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $instanceParams = @{ - name = $Name + name = $Name properties = @{ - logs = @() + logs = @() } } @@ -263,8 +263,8 @@ function Set-TargetResource Write-Verbose -Message "Updating diagnostic setting {$Name}" } $response = Invoke-AzRest -Uri "https://management.azure.com/providers/microsoft.AadCustomSecurityAttributesDiagnosticSettings/diagnosticsettings/$($Name)?api-version=2017-04-01-preview" ` - -Method PUT ` - -Payload $payload + -Method PUT ` + -Payload $payload Write-Verbose -Message "RESPONSE: $($response.Content)" } # REMOVE @@ -272,7 +272,7 @@ function Set-TargetResource { Write-Verbose -Message "Removing diagnostic setting {$Name}" $response = Invoke-AzRest -Uri "https://management.azure.com/providers/microsoft.AadCustomSecurityAttributesDiagnosticSettings/diagnosticsettings/$($Name)?api-version=2017-04-01-preview" ` - -Method DELETE + -Method DELETE } } @@ -448,7 +448,7 @@ function Export-TargetResource { $Script:ExportMode = $true $response = Invoke-AzRest -Uri 'https://management.azure.com/providers/microsoft.AadCustomSecurityAttributesDiagnosticSettings/diagnosticsettings?api-version=2017-04-01-preview' ` - -Method Get + -Method Get [array] $Script:exportedInstances = (ConvertFrom-Json $response.Content).value $i = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.psm1 index 17b50e1dda..f9bc25c333 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureSubscription/MSFT_AzureSubscription.psm1 @@ -73,12 +73,12 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Id)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Id } } elseif ($null -eq $instance -and -not [System.String]::IsNullOrEmpty($Name)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.properties.displayName -eq $DisplayName -and ` - $_.properties.invoiceSectionId -eq $InvoiceSectionId} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.properties.displayName -eq $DisplayName -and ` + $_.properties.invoiceSectionId -eq $InvoiceSectionId } } } else @@ -94,7 +94,7 @@ function Get-TargetResource $uri = "https://management.azure.com$($InvoiceSectionId)/billingSubscriptions?api-version=2024-04-01" $response = Invoke-AzRest -Uri $uri -Method Get $instances = (ConvertFrom-Json $response.Content).value - $instance = $instances | Where-Object -FilterScript {$_.properties.displayName -eq $DisplayName} + $instance = $instances | Where-Object -FilterScript { $_.properties.displayName -eq $DisplayName } } } if ($null -eq $instance) @@ -198,12 +198,12 @@ function Set-TargetResource # CREATE if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - $uri = "https://management.azure.com/providers/Microsoft.Subscription/aliases/$((New-GUID).ToString())?api-version=2021-10-01" + $uri = "https://management.azure.com/providers/Microsoft.Subscription/aliases/$((New-Guid).ToString())?api-version=2021-10-01" $params = @{ properties = @{ billingScope = $InvoiceSectionId DisplayName = $DisplayName - Workload = "Production" + Workload = 'Production' } } $payload = ConvertTo-Json $params -Depth 10 -Compress diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 index 4e9907eafa..2198e9fce0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 @@ -403,7 +403,7 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results + -Results $Results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/MSFT_DefenderDeviceAuthenticatedScanDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/MSFT_DefenderDeviceAuthenticatedScanDefinition.psm1 index 54da575452..70b2391927 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/MSFT_DefenderDeviceAuthenticatedScanDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/MSFT_DefenderDeviceAuthenticatedScanDefinition.psm1 @@ -89,24 +89,24 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Id)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.id -eq $Id } } if ($null -eq $instance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.scanName -eq $Name} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.scanName -eq $Name } } } else { $instances = (Invoke-M365DSCDefenderREST -Uri 'https://api.securitycenter.microsoft.com/api/DeviceAuthenticatedScanDefinitions' ` - -Method GET).value + -Method GET).value if (-not [System.String]::IsNullOrEmpty($Id)) { - $instance = $instances | Where-Object -FilterScript {$_.id -eq $Id} + $instance = $instances | Where-Object -FilterScript { $_.id -eq $Id } } if ($null -eq $instance) { - $instance = $instances | Where-Object -FilterScript {$_.scanName -eq $Name} + $instance = $instances | Where-Object -FilterScript { $_.scanName -eq $Name } } } if ($null -eq $instance) @@ -118,8 +118,8 @@ function Get-TargetResource if ($null -ne $instance.scannerAgent) { $ScannerAgentValue = @{ - id = $instance.scannerAgent.id - machineId = $instance.scannerAgent.machineId + id = $instance.scannerAgent.id + machineId = $instance.scannerAgent.machineId machineName = $instance.scannerAgent.machineName } } @@ -146,8 +146,8 @@ function Get-TargetResource else { $ScanAuthenticationParamsValue = @{ - "@odata.context" = "#microsoft.windowsDefenderATP.api.SnmpAuthParams" - Type = "NoAuthNoPriv" + '@odata.context' = '#microsoft.windowsDefenderATP.api.SnmpAuthParams' + Type = 'NoAuthNoPriv' } } @@ -265,61 +265,61 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $instanceParams = @{ - scanType = $ScanType - scanName = $Name - isActive = $IsActive - target = $Target - intervalInHours = $IntervalInHours - scannerAgent = @{ + scanType = $ScanType + scanName = $Name + isActive = $IsActive + target = $Target + intervalInHours = $IntervalInHours + scannerAgent = @{ machineName = $ScannerAgent.machineName id = $ScannerAgent.id } - targetType = 'Ip' + targetType = 'Ip' scanAuthenticationParams = @{ - "@odata.type" = $ScanAuthenticationParams.DataType - type = $ScanAuthenticationParams.Type + '@odata.type' = $ScanAuthenticationParams.DataType + type = $ScanAuthenticationParams.Type } } if ($null -ne $ScanAuthenticationParams.KeyVaultUrl) { - $instanceParams.scanAuthenticationParams.Add("keyVaultUrl", $ScanAuthenticationParams.KeyVaultUrl) + $instanceParams.scanAuthenticationParams.Add('keyVaultUrl', $ScanAuthenticationParams.KeyVaultUrl) } if ($null -ne $ScanAuthenticationParams.KeyVaultSecretName) { - $instanceParams.scanAuthenticationParams.Add("keyVaultSecretName", $ScanAuthenticationParams.KeyVaultSecretName) + $instanceParams.scanAuthenticationParams.Add('keyVaultSecretName', $ScanAuthenticationParams.KeyVaultSecretName) } if ($null -ne $ScanAuthenticationParams.Domain) { - $instanceParams.scanAuthenticationParams.Add("domain", $ScanAuthenticationParams.Domain) + $instanceParams.scanAuthenticationParams.Add('domain', $ScanAuthenticationParams.Domain) } if ($null -ne $ScanAuthenticationParams.Username) { - $instanceParams.scanAuthenticationParams.Add("username", $ScanAuthenticationParams.Username) + $instanceParams.scanAuthenticationParams.Add('username', $ScanAuthenticationParams.Username) } if ($null -ne $ScanAuthenticationParams.IsGMSAUser) { - $instanceParams.scanAuthenticationParams.Add("isGMSAUser", $ScanAuthenticationParams.IsGMSAUser) + $instanceParams.scanAuthenticationParams.Add('isGMSAUser', $ScanAuthenticationParams.IsGMSAUser) } if ($null -ne $ScanAuthenticationParams.CommunityString) { - $instanceParams.scanAuthenticationParams.Add("communityString", $ScanAuthenticationParams.CommunityString) + $instanceParams.scanAuthenticationParams.Add('communityString', $ScanAuthenticationParams.CommunityString) } if ($null -ne $ScanAuthenticationParams.AuthProtocol) { - $instanceParams.scanAuthenticationParams.Add("authProtocol", $ScanAuthenticationParams.AuthProtocol) + $instanceParams.scanAuthenticationParams.Add('authProtocol', $ScanAuthenticationParams.AuthProtocol) } if ($null -ne $ScanAuthenticationParams.AuthPassword) { - $instanceParams.scanAuthenticationParams.Add("authPassword", $ScanAuthenticationParams.AuthPassword) + $instanceParams.scanAuthenticationParams.Add('authPassword', $ScanAuthenticationParams.AuthPassword) } if ($null -ne $ScanAuthenticationParams.PrivProtocol) { - $instanceParams.scanAuthenticationParams.Add("privProtocol", $ScanAuthenticationParams.PrivProtocol) + $instanceParams.scanAuthenticationParams.Add('privProtocol', $ScanAuthenticationParams.PrivProtocol) } if ($null -ne $ScanAuthenticationParams.PrivPassword) { - $instanceParams.scanAuthenticationParams.Add("privPassword", $ScanAuthenticationParams.PrivPassword) + $instanceParams.scanAuthenticationParams.Add('privPassword', $ScanAuthenticationParams.PrivPassword) } # CREATE @@ -327,8 +327,8 @@ function Set-TargetResource { Write-Verbose -Message "Creating new device authenticated scan definition {$Name} with payload:`r`n$(ConvertTo-Json $instanceParams -Depth 10)" $response = Invoke-M365DSCDefenderREST -Uri 'https://api.securitycenter.microsoft.com/api/DeviceAuthenticatedScanDefinitions' ` - -Method POST ` - -Body $instanceParams + -Method POST ` + -Body $instanceParams Write-Verbose -Message "Response:`r`n$($response.Content)" } # UPDATE @@ -336,8 +336,8 @@ function Set-TargetResource { Write-Verbose -Message "Updating device authenticated scan definition {$Name} with payload:`r`n$(ConvertTo-Json $instanceParams -Depth 10)" $response = Invoke-M365DSCDefenderREST -Uri "https://api.securitycenter.microsoft.com/api/DeviceAuthenticatedScanDefinitions/$($currentInstance.Id)" ` - -Method PATCH ` - -Body $instanceParams + -Method PATCH ` + -Body $instanceParams Write-Verbose -Message "Response:`r`n$($response.Content)" } # REMOVE @@ -347,9 +347,9 @@ function Set-TargetResource ScanDefinitionIds = @($currentInstance.Id) } Write-Verbose -Message "Deleting device authenticated scan definition {$Name} with payload:`r`n$(ConvertTo-Json $instanceParams -Depth 10)" - $response = Invoke-M365DSCDefenderREST -Uri "https://api.securitycenter.microsoft.com/api/DeviceAuthenticatedScanDefinitions/BatchDelete" ` - -Method POST ` - -Body $instanceParams + $response = Invoke-M365DSCDefenderREST -Uri 'https://api.securitycenter.microsoft.com/api/DeviceAuthenticatedScanDefinitions/BatchDelete' ` + -Method POST ` + -Body $instanceParams Write-Verbose -Message "Response:`r`n$($response.Content)" } } @@ -443,7 +443,7 @@ function Test-TargetResource $testResult = $true # Once set, these cannot be retrieved nor changed. - $ValuesToCheck.Remove("ScanAuthenticationParams") | Out-Null + $ValuesToCheck.Remove('ScanAuthenticationParams') | Out-Null #Compare Cim instances foreach ($key in $PSBoundParameters.Keys) @@ -469,9 +469,9 @@ function Test-TargetResource if ($testResult) { $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys } Write-Verbose -Message "Test-TargetResource returned $testResult" @@ -533,7 +533,7 @@ function Export-TargetResource { $Script:ExportMode = $true [array] $Script:exportedInstances = (Invoke-M365DSCDefenderREST -Uri 'https://api.securitycenter.microsoft.com/api/DeviceAuthenticatedScanDefinitions' ` - -Method GET).value + -Method GET).value $i = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/MSFT_DefenderSubscriptionPlan.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/MSFT_DefenderSubscriptionPlan.psm1 index 13a1b423f4..9c66bc6907 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/MSFT_DefenderSubscriptionPlan.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderSubscriptionPlan/MSFT_DefenderSubscriptionPlan.psm1 @@ -83,11 +83,11 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($SubscriptionId)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.SubscriptionId -eq $SubscriptionId -and $_.Name -eq $PlanName} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.SubscriptionId -eq $SubscriptionId -and $_.Name -eq $PlanName } } elseif ($null -eq $instance -and -not [System.String]::IsNullOrEmpty($SubscriptionName)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.SubscriptionName -eq $SubscriptionName -and $_.Name -eq $PlanName} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.SubscriptionName -eq $SubscriptionName -and $_.Name -eq $PlanName } } } else @@ -97,20 +97,20 @@ function Get-TargetResource { $subscription = Get-AzSubscription -SubscriptionName $SubscriptionName - if($subscription -ne $null) + if ($subscription -ne $null) { $subscriptionId = $subscription.Id } } - if($subscriptionId -ne $null) + if ($subscriptionId -ne $null) { - Set-AzContext -Subscription $subscriptionId -ErrorAction Stop - $instance = Get-AzSecurityPricing -Name $PlanName -ErrorAction Stop - $azContext = Get-AzContext - Add-Member -InputObject $instance -NotePropertyName "SubscriptionName" -NotePropertyValue $azContext.Subscription.Name - Add-Member -InputObject $instance -NotePropertyName "SubscriptionId" -NotePropertyValue $azContext.Subscription.Id + Set-AzContext -Subscription $subscriptionId -ErrorAction Stop + $instance = Get-AzSecurityPricing -Name $PlanName -ErrorAction Stop + $azContext = Get-AzContext + Add-Member -InputObject $instance -NotePropertyName 'SubscriptionName' -NotePropertyValue $azContext.Subscription.Name + Add-Member -InputObject $instance -NotePropertyName 'SubscriptionId' -NotePropertyValue $azContext.Subscription.Id } } @@ -234,7 +234,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Set-AzContext -Subscription $currentInstance.SubscriptionId -ErrorAction Stop - if($Extensions) + if ($Extensions) { Set-AzSecurityPricing -Name $PlanName -PricingTier $PricingTier -SubPlan $SubPlanName -Extension $Extensions -ErrorAction Stop } @@ -457,17 +457,17 @@ function Get-SubscriptionsDefenderPlansFromArg try { $results = @() - $argQuery=@' + $argQuery = @' securityresources | where type == "microsoft.security/pricings" | project Id=id, PlanName=name, SubscriptionId=subscriptionId, SubPlan=tostring(properties.subPlan), PricingTier=tostring(properties.pricingTier), Extensions=tostring(properties.extensions) | join kind=inner (resourcecontainers | where type == "microsoft.resources/subscriptions" | project SubscriptionName = name, SubscriptionId = subscriptionId) on SubscriptionId | project-away SubscriptionId1 '@ $queryResult = Search-AzGraph -Query $argQuery -First 1000 -UseTenantScope -ErrorAction Stop $results += $queryResult.Data - while($queryResult.SkipToken -ne $null) + while ($queryResult.SkipToken -ne $null) { - $queryResult = Search-AzGraph -Query $argQuery -First 1000 -UseTenantScope -SkipToken $queryResult.SkipToken -ErrorAction Stop - $results+=$queryResult.Data + $queryResult = Search-AzGraph -Query $argQuery -First 1000 -UseTenantScope -SkipToken $queryResult.SkipToken -ErrorAction Stop + $results += $queryResult.Data } return $results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOATPBuiltInProtectionRule/MSFT_EXOATPBuiltInProtectionRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOATPBuiltInProtectionRule/MSFT_EXOATPBuiltInProtectionRule.psm1 index 8deb5252dc..ae19d28f7d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOATPBuiltInProtectionRule/MSFT_EXOATPBuiltInProtectionRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOATPBuiltInProtectionRule/MSFT_EXOATPBuiltInProtectionRule.psm1 @@ -255,7 +255,7 @@ function Test-TargetResource { switch -regex ($key) { - "^ExceptIf\w+$" + '^ExceptIf\w+$' { $CurrentValues[$key] = @() break diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncDeviceAccessRule/MSFT_EXOActiveSyncDeviceAccessRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncDeviceAccessRule/MSFT_EXOActiveSyncDeviceAccessRule.psm1 index 658a073396..001c00dc45 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncDeviceAccessRule/MSFT_EXOActiveSyncDeviceAccessRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncDeviceAccessRule/MSFT_EXOActiveSyncDeviceAccessRule.psm1 @@ -95,7 +95,7 @@ function Get-TargetResource if ($null -eq $ActiveSyncDeviceAccessRule) { - Write-Verbose -Message "Trying to retrieve instance by Identity" + Write-Verbose -Message 'Trying to retrieve instance by Identity' $ActiveSyncDeviceAccessRule = Get-ActiveSyncDeviceAccessRule -Identity $Identity -ErrorAction 'SilentlyContinue' if ($null -eq $ActiveSyncDeviceAccessRule) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.psm1 index 80cee1cb8b..366a3eb245 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.psm1 @@ -14,7 +14,7 @@ [Parameter()] [System.String] - [ValidateSet("Disable", "HandsfreeOnly", "Allow")] + [ValidateSet('Disable', 'HandsfreeOnly', 'Allow')] $AllowBluetooth, [Parameter()] @@ -147,7 +147,7 @@ [Parameter()] [System.String] - [ValidateSet("All", "TwoWeeks", "OneMonth", "ThreeMonths", "SixMonths")] + [ValidateSet('All', 'TwoWeeks', 'OneMonth', 'ThreeMonths', 'SixMonths')] $MaxCalendarAgeFilter, [Parameter()] @@ -156,7 +156,7 @@ [Parameter()] [System.String] - [ValidateSet("All", "OneDay", "ThreeDays", "OneWeek", "TwoWeeks", "OneMonth", "ThreeMonths", "SixMonths")] + [ValidateSet('All', 'OneDay', 'ThreeDays', 'OneWeek', 'TwoWeeks', 'OneMonth', 'ThreeMonths', 'SixMonths')] $MaxEmailAgeFilter, [Parameter()] @@ -275,7 +275,7 @@ { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } else { @@ -287,68 +287,68 @@ } $results = @{ - Ensure = 'Present' - Name = [System.String]$instance.Name - AllowApplePushNotifications = [System.Boolean]$instance.AllowApplePushNotifications - AllowBluetooth = [System.String]$instance.AllowBluetooth - AllowBrowser = [System.Boolean]$instance.AllowBrowser - AllowCamera = [System.Boolean]$instance.AllowCamera - AllowConsumerEmail = [System.Boolean]$instance.AllowConsumerEmail - AllowDesktopSync = [System.Boolean]$instance.AllowDesktopSync - AllowExternalDeviceManagement = [System.Boolean]$instance.AllowExternalDeviceManagement - AllowHTMLEmail = [System.Boolean]$instance.AllowHTMLEmail - AllowInternetSharing = [System.Boolean]$instance.AllowInternetSharing - AllowIrDA = [System.Boolean]$instance.AllowIrDA - AllowMobileOTAUpdate = [System.Boolean]$instance.AllowMobileOTAUpdate - AllowNonProvisionableDevices = [System.Boolean]$instance.AllowNonProvisionableDevices - AllowPOPIMAPEmail = [System.Boolean]$instance.AllowPOPIMAPEmail - AllowRemoteDesktop = [System.Boolean]$instance.AllowRemoteDesktop - AllowSimpleDevicePassword = [System.Boolean]$instance.AllowSimpleDevicePassword + Ensure = 'Present' + Name = [System.String]$instance.Name + AllowApplePushNotifications = [System.Boolean]$instance.AllowApplePushNotifications + AllowBluetooth = [System.String]$instance.AllowBluetooth + AllowBrowser = [System.Boolean]$instance.AllowBrowser + AllowCamera = [System.Boolean]$instance.AllowCamera + AllowConsumerEmail = [System.Boolean]$instance.AllowConsumerEmail + AllowDesktopSync = [System.Boolean]$instance.AllowDesktopSync + AllowExternalDeviceManagement = [System.Boolean]$instance.AllowExternalDeviceManagement + AllowHTMLEmail = [System.Boolean]$instance.AllowHTMLEmail + AllowInternetSharing = [System.Boolean]$instance.AllowInternetSharing + AllowIrDA = [System.Boolean]$instance.AllowIrDA + AllowMobileOTAUpdate = [System.Boolean]$instance.AllowMobileOTAUpdate + AllowNonProvisionableDevices = [System.Boolean]$instance.AllowNonProvisionableDevices + AllowPOPIMAPEmail = [System.Boolean]$instance.AllowPOPIMAPEmail + AllowRemoteDesktop = [System.Boolean]$instance.AllowRemoteDesktop + AllowSimpleDevicePassword = [System.Boolean]$instance.AllowSimpleDevicePassword AllowSMIMEEncryptionAlgorithmNegotiation = [System.String]$instance.AllowSMIMEEncryptionAlgorithmNegotiation - AllowSMIMESoftCerts = [System.Boolean]$instance.AllowSMIMESoftCerts - AllowStorageCard = [System.Boolean]$instance.AllowStorageCard - AllowTextMessaging = [System.Boolean]$instance.AllowTextMessaging - AllowUnsignedApplications = [System.Boolean]$instance.AllowUnsignedApplications - AllowUnsignedInstallationPackages = [System.Boolean]$instance.AllowUnsignedInstallationPackages - AllowWiFi = [System.Boolean]$instance.AllowWiFi - AlphanumericDevicePasswordRequired = [System.Boolean]$instance.AlphanumericDevicePasswordRequired - ApprovedApplicationList = [System.String[]]$instance.ApprovedApplicationList - AttachmentsEnabled = [System.Boolean]$instance.AttachmentsEnabled - DeviceEncryptionEnabled = [System.Boolean]$instance.DeviceEncryptionEnabled - DevicePasswordEnabled = [System.Boolean]$instance.DevicePasswordEnabled - DevicePasswordExpiration = [System.String]$instance.DevicePasswordExpiration - DevicePasswordHistory = [System.Int32]$instance.DevicePasswordHistory - DevicePolicyRefreshInterval = [System.String]$instance.DevicePolicyRefreshInterval - IrmEnabled = [System.Boolean]$instance.IrmEnabled - IsDefault = [System.Boolean]$instance.IsDefault - IsDefaultPolicy = [System.Boolean]$instance.IsDefaultPolicy - MaxAttachmentSize = [System.String]$instance.MaxAttachmentSize - MaxCalendarAgeFilter = [System.String]$instance.MaxCalendarAgeFilter - MaxDevicePasswordFailedAttempts = [System.String]$instance.MaxDevicePasswordFailedAttempts - MaxEmailAgeFilter = [System.String]$instance.MaxEmailAgeFilter - MaxEmailBodyTruncationSize = [System.String]$instance.MaxEmailBodyTruncationSize - MaxEmailHTMLBodyTruncationSize = [System.String]$instance.MaxEmailHTMLBodyTruncationSize - MaxInactivityTimeDeviceLock = [System.String]$instance.MaxInactivityTimeDeviceLock - MinDevicePasswordComplexCharacters = [System.Int32]$instance.MinDevicePasswordComplexCharacters - MinDevicePasswordLength = [System.Int32]$instance.MinDevicePasswordLength - PasswordRecoveryEnabled = [System.Boolean]$instance.PasswordRecoveryEnabled - RequireDeviceEncryption = [System.Boolean]$instance.RequireDeviceEncryption - RequireEncryptedSMIMEMessages = [System.Boolean]$instance.RequireEncryptedSMIMEMessages - RequireEncryptionSMIMEAlgorithm = [System.String]$instance.RequireEncryptionSMIMEAlgorithm - RequireManualSyncWhenRoaming = [System.Boolean]$instance.RequireManualSyncWhenRoaming - RequireSignedSMIMEAlgorithm = [System.String]$instance.RequireSignedSMIMEAlgorithm - RequireSignedSMIMEMessages = [System.Boolean]$instance.RequireSignedSMIMEMessages - RequireStorageCardEncryption = [System.Boolean]$instance.RequireStorageCardEncryption - UnapprovedInROMApplicationList = [System.String[]]$instance.UnapprovedInROMApplicationList - UNCAccessEnabled = [System.Boolean]$instance.UNCAccessEnabled - WSSAccessEnabled = [System.Boolean]$instance.WSSAccessEnabled - Identity = [System.String]$Identity - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + AllowSMIMESoftCerts = [System.Boolean]$instance.AllowSMIMESoftCerts + AllowStorageCard = [System.Boolean]$instance.AllowStorageCard + AllowTextMessaging = [System.Boolean]$instance.AllowTextMessaging + AllowUnsignedApplications = [System.Boolean]$instance.AllowUnsignedApplications + AllowUnsignedInstallationPackages = [System.Boolean]$instance.AllowUnsignedInstallationPackages + AllowWiFi = [System.Boolean]$instance.AllowWiFi + AlphanumericDevicePasswordRequired = [System.Boolean]$instance.AlphanumericDevicePasswordRequired + ApprovedApplicationList = [System.String[]]$instance.ApprovedApplicationList + AttachmentsEnabled = [System.Boolean]$instance.AttachmentsEnabled + DeviceEncryptionEnabled = [System.Boolean]$instance.DeviceEncryptionEnabled + DevicePasswordEnabled = [System.Boolean]$instance.DevicePasswordEnabled + DevicePasswordExpiration = [System.String]$instance.DevicePasswordExpiration + DevicePasswordHistory = [System.Int32]$instance.DevicePasswordHistory + DevicePolicyRefreshInterval = [System.String]$instance.DevicePolicyRefreshInterval + IrmEnabled = [System.Boolean]$instance.IrmEnabled + IsDefault = [System.Boolean]$instance.IsDefault + IsDefaultPolicy = [System.Boolean]$instance.IsDefaultPolicy + MaxAttachmentSize = [System.String]$instance.MaxAttachmentSize + MaxCalendarAgeFilter = [System.String]$instance.MaxCalendarAgeFilter + MaxDevicePasswordFailedAttempts = [System.String]$instance.MaxDevicePasswordFailedAttempts + MaxEmailAgeFilter = [System.String]$instance.MaxEmailAgeFilter + MaxEmailBodyTruncationSize = [System.String]$instance.MaxEmailBodyTruncationSize + MaxEmailHTMLBodyTruncationSize = [System.String]$instance.MaxEmailHTMLBodyTruncationSize + MaxInactivityTimeDeviceLock = [System.String]$instance.MaxInactivityTimeDeviceLock + MinDevicePasswordComplexCharacters = [System.Int32]$instance.MinDevicePasswordComplexCharacters + MinDevicePasswordLength = [System.Int32]$instance.MinDevicePasswordLength + PasswordRecoveryEnabled = [System.Boolean]$instance.PasswordRecoveryEnabled + RequireDeviceEncryption = [System.Boolean]$instance.RequireDeviceEncryption + RequireEncryptedSMIMEMessages = [System.Boolean]$instance.RequireEncryptedSMIMEMessages + RequireEncryptionSMIMEAlgorithm = [System.String]$instance.RequireEncryptionSMIMEAlgorithm + RequireManualSyncWhenRoaming = [System.Boolean]$instance.RequireManualSyncWhenRoaming + RequireSignedSMIMEAlgorithm = [System.String]$instance.RequireSignedSMIMEAlgorithm + RequireSignedSMIMEMessages = [System.Boolean]$instance.RequireSignedSMIMEMessages + RequireStorageCardEncryption = [System.Boolean]$instance.RequireStorageCardEncryption + UnapprovedInROMApplicationList = [System.String[]]$instance.UnapprovedInROMApplicationList + UNCAccessEnabled = [System.Boolean]$instance.UNCAccessEnabled + WSSAccessEnabled = [System.Boolean]$instance.WSSAccessEnabled + Identity = [System.String]$Identity + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } @@ -379,7 +379,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("Disable", "HandsfreeOnly", "Allow")] + [ValidateSet('Disable', 'HandsfreeOnly', 'Allow')] $AllowBluetooth, [Parameter()] @@ -512,7 +512,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("All", "TwoWeeks", "OneMonth", "ThreeMonths", "SixMonths")] + [ValidateSet('All', 'TwoWeeks', 'OneMonth', 'ThreeMonths', 'SixMonths')] $MaxCalendarAgeFilter, [Parameter()] @@ -521,7 +521,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("All", "OneDay", "ThreeDays", "OneWeek", "TwoWeeks", "OneMonth", "ThreeMonths", "SixMonths")] + [ValidateSet('All', 'OneDay', 'ThreeDays', 'OneWeek', 'TwoWeeks', 'OneMonth', 'ThreeMonths', 'SixMonths')] $MaxEmailAgeFilter, [Parameter()] @@ -642,7 +642,7 @@ function Set-TargetResource # CREATE if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - $setParameters.Remove("Identity") + $setParameters.Remove('Identity') New-ActiveSyncMailboxPolicy @SetParameters } # UPDATE @@ -662,7 +662,7 @@ function Test-TargetResource [CmdletBinding()] [OutputType([System.Boolean])] param - ( + ( [Parameter()] [System.String] $Name, @@ -673,7 +673,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("Disable", "HandsfreeOnly", "Allow")] + [ValidateSet('Disable', 'HandsfreeOnly', 'Allow')] $AllowBluetooth, [Parameter()] @@ -806,7 +806,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("All", "TwoWeeks", "OneMonth", "ThreeMonths", "SixMonths")] + [ValidateSet('All', 'TwoWeeks', 'OneMonth', 'ThreeMonths', 'SixMonths')] $MaxCalendarAgeFilter, [Parameter()] @@ -815,7 +815,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("All", "OneDay", "ThreeDays", "OneWeek", "TwoWeeks", "OneMonth", "ThreeMonths", "SixMonths")] + [ValidateSet('All', 'OneDay', 'ThreeDays', 'OneWeek', 'TwoWeeks', 'OneMonth', 'ThreeMonths', 'SixMonths')] $MaxEmailAgeFilter, [Parameter()] @@ -1014,13 +1014,13 @@ function Export-TargetResource $displayedKey = $config.Name Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Name - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Identity = $config.Name + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAddressList/MSFT_EXOAddressList.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAddressList/MSFT_EXOAddressList.psm1 index c244a92033..0ed8e06cd9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAddressList/MSFT_EXOAddressList.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAddressList/MSFT_EXOAddressList.psm1 @@ -168,7 +168,7 @@ function Get-TargetResource } if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $AddressLists = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $AddressLists = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 index edc165286e..2380c67839 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 @@ -298,7 +298,7 @@ function Set-TargetResource { Write-Verbose -Message "Re-create Application Access Policy '$($currentApplicationAccessPolicyConfig.Identity)'" Remove-ApplicationAccessPolicy -Identity $currentApplicationAccessPolicyConfig.Identity -Confirm:$false - Write-Verbose -Message "Removing existing policy was successful" + Write-Verbose -Message 'Removing existing policy was successful' Write-Verbose -Message "Creating new instance with parameters: $(Convert-M365DscHashtableToString -Hashtable $NewApplicationAccessPolicyParams)" New-ApplicationAccessPolicy @NewApplicationAccessPolicyParams } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.psm1 index a79d3e4da8..8d89120aa6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.psm1 @@ -82,16 +82,16 @@ function Get-TargetResource $ArcConfigSettings = Get-ArcConfig -ErrorAction Stop $result = @{ - IsSingleInstance = 'Yes' - ArcTrustedSealers = $ArcConfigSettings.ArcTrustedSealers - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens + IsSingleInstance = 'Yes' + ArcTrustedSealers = $ArcConfigSettings.ArcTrustedSealers + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } Write-Verbose -Message 'Found Arc config settings' @@ -345,7 +345,7 @@ function Export-TargetResource $dscContent = '' Write-Host "`r`n" -NoNewline - Write-Host " |---[1/1]" -NoNewline + Write-Host ' |---[1/1]' -NoNewline $Params = @{ IsSingleInstance = 'Yes' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.schema.mof index e773a36adf..791ea59bc8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOArcConfig/MSFT_EXOArcConfig.schema.mof @@ -11,4 +11,4 @@ class MSFT_EXOArcConfig : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; [Write, Description("Access token used for authentication.")] String AccessTokens[]; -}; \ No newline at end of file +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/MSFT_EXOAtpProtectionPolicyRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/MSFT_EXOAtpProtectionPolicyRule.psm1 index 46ffac1760..87bf25ceff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/MSFT_EXOAtpProtectionPolicyRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpProtectionPolicyRule/MSFT_EXOAtpProtectionPolicyRule.psm1 @@ -107,7 +107,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } else { @@ -119,26 +119,26 @@ function Get-TargetResource } $results = @{ - Identity = $instance.Identity - Ensure = 'Present' - Comments = $instance.Comments - Enabled = $instance.State -eq 'Enabled' + Identity = $instance.Identity + Ensure = 'Present' + Comments = $instance.Comments + Enabled = $instance.State -eq 'Enabled' ExceptIfRecipientDomainIs = $instance.ExceptIfRecipientDomainIs - ExceptIfSentTo = $instance.ExceptIfSentTo - ExceptIfSentToMemberOf = $instance.ExceptIfSentToMemberOf - Name = $instance.Name - Priority = $instance.Priority - RecipientDomainIs = $instance.RecipientDomainIs - SafeAttachmentPolicy = $instance.SafeAttachmentPolicy - SafeLinksPolicy = $instance.SafeLinksPolicy - SentTo = $instance.SentTo - SentToMemberOf = $instance.SentToMemberOf - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ExceptIfSentTo = $instance.ExceptIfSentTo + ExceptIfSentToMemberOf = $instance.ExceptIfSentToMemberOf + Name = $instance.Name + Priority = $instance.Priority + RecipientDomainIs = $instance.RecipientDomainIs + SafeAttachmentPolicy = $instance.SafeAttachmentPolicy + SafeLinksPolicy = $instance.SafeLinksPolicy + SentTo = $instance.SentTo + SentToMemberOf = $instance.SentToMemberOf + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } @@ -269,11 +269,11 @@ function Set-TargetResource { if ($currentInstance.SafeAttachmentPolicy -ne $SetParameters.SafeAttachmentPolicy) { - throw "SafeAttachmentPolicy cannot be changed after creation" + throw 'SafeAttachmentPolicy cannot be changed after creation' } if ($currentInstance.SafeLinksPolicy -ne $SetParameters.SafeLinksPolicy) { - throw "SafeLinksPolicy cannot be changed after creation" + throw 'SafeLinksPolicy cannot be changed after creation' } # Enabled state can only be changed by the Enabled/Disable-ATPProtectionPolicyRule cmdlets @@ -290,9 +290,9 @@ function Set-TargetResource } } - $SetParameters.Remove("SafeLinksPolicy") | Out-Null - $SetParameters.Remove("SafeAttachmentPolicy") | Out-Null - $SetParameters.Remove("Enabled") | Out-Null + $SetParameters.Remove('SafeLinksPolicy') | Out-Null + $SetParameters.Remove('SafeAttachmentPolicy') | Out-Null + $SetParameters.Remove('Enabled') | Out-Null Set-ATPProtectionPolicyRule @SetParameters } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAuthenticationPolicyAssignment/MSFT_EXOAuthenticationPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAuthenticationPolicyAssignment/MSFT_EXOAuthenticationPolicyAssignment.psm1 index 8206c166c9..54e8be6b5c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAuthenticationPolicyAssignment/MSFT_EXOAuthenticationPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAuthenticationPolicyAssignment/MSFT_EXOAuthenticationPolicyAssignment.psm1 @@ -183,13 +183,13 @@ function Set-TargetResource if ($Ensure -eq 'Present') { Write-Verbose -Message "Assigning authentication policy {$AuthenticationPolicyName} to {$UserName}." - Set-User -Identity $UserName -AuthenticationPolicy $AuthenticationPolicyName | Out-Null + Set-User -Identity $UserName -AuthenticationPolicy $AuthenticationPolicyName -Confirm:$false | Out-Null } # CASE: Authentication Policy exists but it shouldn't; elseif ($Ensure -eq 'Absent' -and $currentPolicyAssignment.Ensure -eq 'Present') { Write-Verbose -Message "Removing authentication policy assignment {$AuthenticationPolicyName} for {$UserName}." - Set-User -Identity $UserName -AuthenticationPolicy $null | Out-Null + Set-User -Identity $UserName -AuthenticationPolicy $null -Confirm:$false | Out-Null } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAvailabilityConfig/MSFT_EXOAvailabilityConfig.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAvailabilityConfig/MSFT_EXOAvailabilityConfig.psm1 index 7050ec3891..157d4fe455 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAvailabilityConfig/MSFT_EXOAvailabilityConfig.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAvailabilityConfig/MSFT_EXOAvailabilityConfig.psm1 @@ -358,7 +358,7 @@ function Export-TargetResource return '' } - $OrgWideValue = "NotConfigured" + $OrgWideValue = 'NotConfigured' if ($null -ne $AvailabilityConfig.OrgWideAccount) { $user = Get-User -Identity $AvailabilityConfig.OrgWideAccount.ToString() diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCASMailboxSettings/MSFT_EXOCASMailboxSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCASMailboxSettings/MSFT_EXOCASMailboxSettings.psm1 index 7dd5b109f6..5f3372dc52 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCASMailboxSettings/MSFT_EXOCASMailboxSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCASMailboxSettings/MSFT_EXOCASMailboxSettings.psm1 @@ -216,7 +216,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $mailboxCasSettings = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $mailboxCasSettings = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/MSFT_EXOCalendarProcessing.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/MSFT_EXOCalendarProcessing.psm1 index 5ece0f3e50..724df67a64 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/MSFT_EXOCalendarProcessing.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/MSFT_EXOCalendarProcessing.psm1 @@ -45,17 +45,17 @@ function Get-TargetResource $AllRequestOutOfPolicy, [Parameter()] - [ValidateSet("None", "AutoUpdate", "AutoAccept")] + [ValidateSet('None', 'AutoUpdate', 'AutoAccept')] [System.String] $AutomateProcessing, [Parameter()] - [ValidateSet("Standard", "Reserved")] + [ValidateSet('Standard', 'Reserved')] [System.String] $BookingType, [Parameter()] - [ValidateRange(0,1080)] + [ValidateRange(0, 1080)] [System.UInt32] $BookingWindowInDays = 180, @@ -381,17 +381,17 @@ function Set-TargetResource $AllRequestOutOfPolicy, [Parameter()] - [ValidateSet("None", "AutoUpdate", "AutoAccept")] + [ValidateSet('None', 'AutoUpdate', 'AutoAccept')] [System.String] $AutomateProcessing, [Parameter()] - [ValidateSet("Standard", "Reserved")] + [ValidateSet('Standard', 'Reserved')] [System.String] $BookingType, [Parameter()] - [ValidateRange(0,1080)] + [ValidateRange(0, 1080)] [System.UInt32] $BookingWindowInDays = 180, @@ -564,15 +564,15 @@ function Set-TargetResource -InboundParameters $PSBoundParameters $UpdateParameters = ([Hashtable]$PSBoundParameters).Clone() - $UpdateParameters.Remove("Ensure") | Out-Null - $UpdateParameters.Remove("Credential") | Out-Null - $UpdateParameters.Remove("ApplicationId") | Out-Null - $UpdateParameters.Remove("TenantId") | Out-Null - $UpdateParameters.Remove("CertificateThumbprint") | Out-Null - $UpdateParameters.Remove("ApplicationSecret") | Out-Null - $UpdateParameters.Remove("CertificatePath") | Out-Null - $UpdateParameters.Remove("CertificatePassword") | Out-Null - $UpdateParameters.Remove("ManagedIdentity") | Out-Null + $UpdateParameters.Remove('Ensure') | Out-Null + $UpdateParameters.Remove('Credential') | Out-Null + $UpdateParameters.Remove('ApplicationId') | Out-Null + $UpdateParameters.Remove('TenantId') | Out-Null + $UpdateParameters.Remove('CertificateThumbprint') | Out-Null + $UpdateParameters.Remove('ApplicationSecret') | Out-Null + $UpdateParameters.Remove('CertificatePath') | Out-Null + $UpdateParameters.Remove('CertificatePassword') | Out-Null + $UpdateParameters.Remove('ManagedIdentity') | Out-Null $UpdateParameters.Remove('AccessTokens') | Out-Null # Some parameters can only be applied to Resource Mailboxes @@ -581,14 +581,14 @@ function Set-TargetResource $mailbox = Get-Mailbox $UpdateParameters.Identity if ($mailbox.RecipientTypeDetails -ne 'EquipmentMailbox' -and $mailbox.RecipientTypeDetails -ne 'RoomMailbox') { - Write-Verbose -Message "Removing the AddNewRequestsTentatively parameter because the mailbox is not a resource one." - $UpdateParameters.Remove("AddNewRequestsTentatively") | Out-Null + Write-Verbose -Message 'Removing the AddNewRequestsTentatively parameter because the mailbox is not a resource one.' + $UpdateParameters.Remove('AddNewRequestsTentatively') | Out-Null - Write-Verbose -Message "Removing the BookingType parameter because the mailbox is not a resource one." - $UpdateParameters.Remove("BookingType") | Out-Null + Write-Verbose -Message 'Removing the BookingType parameter because the mailbox is not a resource one.' + $UpdateParameters.Remove('BookingType') | Out-Null - Write-Verbose -Message "Removing the ProcessExternalMeetingMessages parameter because the mailbox is not a resource one." - $UpdateParameters.Remove("ProcessExternalMeetingMessages") | Out-Null + Write-Verbose -Message 'Removing the ProcessExternalMeetingMessages parameter because the mailbox is not a resource one.' + $UpdateParameters.Remove('ProcessExternalMeetingMessages') | Out-Null } } @@ -642,17 +642,17 @@ function Test-TargetResource $AllRequestOutOfPolicy, [Parameter()] - [ValidateSet("None", "AutoUpdate", "AutoAccept")] + [ValidateSet('None', 'AutoUpdate', 'AutoAccept')] [System.String] $AutomateProcessing, [Parameter()] - [ValidateSet("Standard", "Reserved")] + [ValidateSet('Standard', 'Reserved')] [System.String] $BookingType, [Parameter()] - [ValidateRange(0,1080)] + [ValidateRange(0, 1080)] [System.UInt32] $BookingWindowInDays = 180, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/settings.json index 7fc3b9d5d9..8a7b393ceb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/settings.json @@ -26,8 +26,8 @@ "Recipient Management" ], "requiredrolegroups": [ - "Organization Management", - "Help Desk" + "Organization Management", + "Help Desk" ] } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOClientAccessRule/MSFT_EXOClientAccessRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOClientAccessRule/MSFT_EXOClientAccessRule.psm1 index 3748ed1e45..8012321f17 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOClientAccessRule/MSFT_EXOClientAccessRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOClientAccessRule/MSFT_EXOClientAccessRule.psm1 @@ -347,7 +347,7 @@ function Set-TargetResource Write-Verbose -Message "Creating ClientAccessRule $($Identity)." $ClientAccessRuleParams.Add('Name', $Identity) $ClientAccessRuleParams.Remove('Identity') | Out-Null - New-ClientAccessRule @ClientAccessRuleParams + New-ClientAccessRule @ClientAccessRuleParams -Confirm:$false } elseif (('Present' -eq $Ensure ) -and ($Null -ne $ClientAccessRule)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/MSFT_EXODataAtRestEncryptionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/MSFT_EXODataAtRestEncryptionPolicy.psm1 index 6ab0724f54..841b9f66f8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/MSFT_EXODataAtRestEncryptionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicy/MSFT_EXODataAtRestEncryptionPolicy.psm1 @@ -72,7 +72,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity.Name -eq $Identity} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity.Name -eq $Identity } } else { @@ -84,18 +84,18 @@ function Get-TargetResource } $results = @{ - Identity = $Identity - Description = [System.String]$instance.Description - Enabled = [System.Boolean]$instance.Enabled - Name = [System.String]$instance.Name - AzureKeyIDs = [System.String[]]$instance.AzureKeyIDs - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Identity = $Identity + Description = [System.String]$instance.Description + Enabled = [System.Boolean]$instance.Enabled + Name = [System.String]$instance.Name + AzureKeyIDs = [System.String[]]$instance.AzureKeyIDs + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } @@ -197,7 +197,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Warning "Removal of M365DataAtRestEncryptionPolicy is not supported." + Write-Warning 'Removal of M365DataAtRestEncryptionPolicy is not supported.' } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.psm1 index 2291d653d2..dd27fd2550 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.psm1 @@ -7,7 +7,7 @@ [Parameter()] [System.String] $DataEncryptionPolicy, - + [Parameter(Mandatory = $true)] [System.String] $IsSingleInstance, @@ -59,14 +59,14 @@ } $results = @{ - DataEncryptionPolicy = [System.String]$instance.Name - IsSingleInstance = 'Yes' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + DataEncryptionPolicy = [System.String]$instance.Name + IsSingleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } @@ -90,7 +90,7 @@ function Set-TargetResource [Parameter()] [System.String] $DataEncryptionPolicy, - + [Parameter(Mandatory = $true)] [System.String] $IsSingleInstance, @@ -148,7 +148,7 @@ function Test-TargetResource [Parameter()] [System.String] $DataEncryptionPolicy, - + [Parameter(Mandatory = $true)] [System.String] $IsSingleInstance, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 index 8c5183e113..6e42aebac8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 @@ -98,7 +98,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $DataClassification = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $DataClassification = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } else { @@ -259,7 +259,7 @@ function Set-TargetResource if (('Present' -eq $Ensure ) -and ($null -eq $DataClassification)) { - Write-Verbose -Message "Data Classification in Exchange Online are now deprecated in favor of Sensitive Information Types in Security and Compliance." + Write-Verbose -Message 'Data Classification in Exchange Online are now deprecated in favor of Sensitive Information Types in Security and Compliance.' } elseif (('Present' -eq $Ensure ) -and ($Null -ne $DataClassification)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 index ac74ceb1bf..f758ab9a57 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 @@ -253,14 +253,14 @@ function Get-TargetResource { if ($null -ne $PrimarySmtpAddress) { - $distributionGroup = $Script:exportedInstances | Where-Object -FilterScript {$_.PrimarySmtpAddress -eq $PrimarySmtpAddress} + $distributionGroup = $Script:exportedInstances | Where-Object -FilterScript { $_.PrimarySmtpAddress -eq $PrimarySmtpAddress } $distributionGroupMembers = Get-DistributionGroupMember -Identity $PrimarySmtpAddress ` -ErrorAction 'Stop' ` -ResultSize 'Unlimited' } else { - $distributionGroup = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $distributionGroup = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } $distributionGroupMembers = Get-DistributionGroupMember -Identity $Identity ` -ErrorAction 'Stop' ` -ResultSize 'Unlimited' @@ -338,58 +338,58 @@ function Get-TargetResource } } $result = @{ - Identity = $distributionGroup.Identity - Alias = $distributionGroup.Alias - BccBlocked = $distributionGroup.BccBlocked - BypassNestedModerationEnabled = $distributionGroup.BypassNestedModerationEnabled - Description = $descriptionValue - DisplayName = $distributionGroup.DisplayName - HiddenGroupMembershipEnabled = $distributionGroup.HiddenGroupMembershipEnabled - ManagedBy = $ManagedByValue - MemberDepartRestriction = $distributionGroup.MemberDepartRestriction - MemberJoinRestriction = $distributionGroup.MemberJoinRestriction - Members = $distributionGroupMembers.Name - ModeratedBy = $ModeratedByValue - ModerationEnabled = $distributionGroup.ModerationEnabled - Name = $distributionGroup.Name - Notes = $distributionGroup.Notes - OrganizationalUnit = $distributionGroup.OrganizationalUnit - PrimarySmtpAddress = $distributionGroup.PrimarySmtpAddress - RequireSenderAuthenticationEnabled = $distributionGroup.RequireSenderAuthenticationEnabled - RoomList = $distributionGroup.RoomList - SendModerationNotifications = $distributionGroup.SendModerationNotifications - AcceptMessagesOnlyFrom = [Array]$distributionGroup.AcceptMessagesOnlyFrom - AcceptMessagesOnlyFromDLMembers = [Array]$distributionGroup.AcceptMessagesOnlyFromDLMembers - AcceptMessagesOnlyFromSendersOrMembers = [Array]$distributionGroup.AcceptMessagesOnlyFromSendersOrMembers - CustomAttribute1 = $distributionGroup.CustomAttribute1 - CustomAttribute2 = $distributionGroup.CustomAttribute2 - CustomAttribute3 = $distributionGroup.CustomAttribute3 - CustomAttribute4 = $distributionGroup.CustomAttribute4 - CustomAttribute5 = $distributionGroup.CustomAttribute5 - CustomAttribute6 = $distributionGroup.CustomAttribute6 - CustomAttribute7 = $distributionGroup.CustomAttribute7 - CustomAttribute8 = $distributionGroup.CustomAttribute8 - CustomAttribute9 = $distributionGroup.CustomAttribute9 - CustomAttribute10 = $distributionGroup.CustomAttribute10 - CustomAttribute11 = $distributionGroup.CustomAttribute11 - CustomAttribute12 = $distributionGroup.CustomAttribute12 - CustomAttribute13 = $distributionGroup.CustomAttribute13 - CustomAttribute14 = $distributionGroup.CustomAttribute14 - CustomAttribute15 = $distributionGroup.CustomAttribute15 - EmailAddresses = [Array]$distributionGroup.EmailAddresses - GrantSendOnBehalfTo = [Array]$distributionGroup.GrantSendOnBehalfTo - HiddenFromAddressListsEnabled = [Boolean]$distributionGroup.HiddenFromAddressListsEnabled - SendOofMessageToOriginatorEnabled = [Boolean]$distributionGroup.SendOofMessageToOriginatorEnabled - Type = $groupTypeValue - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens + Identity = $distributionGroup.Identity + Alias = $distributionGroup.Alias + BccBlocked = $distributionGroup.BccBlocked + BypassNestedModerationEnabled = $distributionGroup.BypassNestedModerationEnabled + Description = $descriptionValue + DisplayName = $distributionGroup.DisplayName + HiddenGroupMembershipEnabled = $distributionGroup.HiddenGroupMembershipEnabled + ManagedBy = $ManagedByValue + MemberDepartRestriction = $distributionGroup.MemberDepartRestriction + MemberJoinRestriction = $distributionGroup.MemberJoinRestriction + Members = $distributionGroupMembers.Name + ModeratedBy = $ModeratedByValue + ModerationEnabled = $distributionGroup.ModerationEnabled + Name = $distributionGroup.Name + Notes = $distributionGroup.Notes + OrganizationalUnit = $distributionGroup.OrganizationalUnit + PrimarySmtpAddress = $distributionGroup.PrimarySmtpAddress + RequireSenderAuthenticationEnabled = $distributionGroup.RequireSenderAuthenticationEnabled + RoomList = $distributionGroup.RoomList + SendModerationNotifications = $distributionGroup.SendModerationNotifications + AcceptMessagesOnlyFrom = [Array]$distributionGroup.AcceptMessagesOnlyFrom + AcceptMessagesOnlyFromDLMembers = [Array]$distributionGroup.AcceptMessagesOnlyFromDLMembers + AcceptMessagesOnlyFromSendersOrMembers = [Array]$distributionGroup.AcceptMessagesOnlyFromSendersOrMembers + CustomAttribute1 = $distributionGroup.CustomAttribute1 + CustomAttribute2 = $distributionGroup.CustomAttribute2 + CustomAttribute3 = $distributionGroup.CustomAttribute3 + CustomAttribute4 = $distributionGroup.CustomAttribute4 + CustomAttribute5 = $distributionGroup.CustomAttribute5 + CustomAttribute6 = $distributionGroup.CustomAttribute6 + CustomAttribute7 = $distributionGroup.CustomAttribute7 + CustomAttribute8 = $distributionGroup.CustomAttribute8 + CustomAttribute9 = $distributionGroup.CustomAttribute9 + CustomAttribute10 = $distributionGroup.CustomAttribute10 + CustomAttribute11 = $distributionGroup.CustomAttribute11 + CustomAttribute12 = $distributionGroup.CustomAttribute12 + CustomAttribute13 = $distributionGroup.CustomAttribute13 + CustomAttribute14 = $distributionGroup.CustomAttribute14 + CustomAttribute15 = $distributionGroup.CustomAttribute15 + EmailAddresses = [Array]$distributionGroup.EmailAddresses + GrantSendOnBehalfTo = [Array]$distributionGroup.GrantSendOnBehalfTo + HiddenFromAddressListsEnabled = [Boolean]$distributionGroup.HiddenFromAddressListsEnabled + SendOofMessageToOriginatorEnabled = [Boolean]$distributionGroup.SendOofMessageToOriginatorEnabled + Type = $groupTypeValue + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } return $result diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEOPProtectionPolicyRule/MSFT_EXOEOPProtectionPolicyRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEOPProtectionPolicyRule/MSFT_EXOEOPProtectionPolicyRule.psm1 index 8dc09444f3..eccf55db00 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEOPProtectionPolicyRule/MSFT_EXOEOPProtectionPolicyRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEOPProtectionPolicyRule/MSFT_EXOEOPProtectionPolicyRule.psm1 @@ -239,7 +239,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { #following Microsoft recommendation, we will not create new EOPProtectionPolicyRule, instead we will enable the rule if not already done - Write-Verbose -Message "We not create new EOPProtectionPolicyRule if it is not present" + Write-Verbose -Message 'We not create new EOPProtectionPolicyRule if it is not present' } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -259,9 +259,9 @@ function Set-TargetResource } } - if($currentInstance.State -ne $State) + if ($currentInstance.State -ne $State) { - if($State -eq 'Enabled') + if ($State -eq 'Enabled') { Enable-EOPProtectionPolicyRule -Identity $Identity } @@ -276,7 +276,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { #following Microsoft recommendation, we will not remove EOPProtectionPolicyRules. - Write-Verbose -Message "We will not remove EOPProtectionPolicyRules" + Write-Verbose -Message 'We will not remove EOPProtectionPolicyRules' } } @@ -401,7 +401,7 @@ function Test-TargetResource { switch -regex ($key) { - "^ExceptIf\w+$|^RecipientDomainIs$|^SentTo(\w+)?$" + '^ExceptIf\w+$|^RecipientDomainIs$|^SentTo(\w+)?$' { $CurrentValues[$key] = @() break @@ -455,7 +455,7 @@ function Export-TargetResource $AccessTokens ) - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEOPProtectionPolicyRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEOPProtectionPolicyRule/settings.json index e54bf36221..37932ff284 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEOPProtectionPolicyRule/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEOPProtectionPolicyRule/settings.json @@ -28,5 +28,4 @@ "requiredrolegroups": [] } } - } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/MSFT_EXOEmailTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/MSFT_EXOEmailTenantSettings.psm1 index dd5a345ee6..56e14f7bfa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/MSFT_EXOEmailTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/MSFT_EXOEmailTenantSettings.psm1 @@ -95,20 +95,20 @@ function Get-TargetResource $EmailTenantSettings = Get-EmailTenantSettings -ErrorAction Stop $result = @{ - IsSingleInstance = 'Yes' - Identity = $EmailTenantSettings.Identity - EnablePriorityAccountProtection = $EmailTenantSettings.EnablePriorityAccountProtection - Name = $EmailTenantSettings.Name - IsValid = $EmailTenantSettings.IsValid - ObjectState = $EmailTenantSettings.ObjectState - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens + IsSingleInstance = 'Yes' + Identity = $EmailTenantSettings.Identity + EnablePriorityAccountProtection = $EmailTenantSettings.EnablePriorityAccountProtection + Name = $EmailTenantSettings.Name + IsValid = $EmailTenantSettings.IsValid + ObjectState = $EmailTenantSettings.ObjectState + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } Write-Verbose -Message 'Found Email Tenant Settings config ' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/settings.json index a3fb9d4fcf..94d8b30f01 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOEmailTenantSettings/settings.json @@ -26,8 +26,8 @@ "Security Reader" ], "requiredrolegroups": [ - "Organization Management", - "Security Administrator" + "Organization Management", + "Security Administrator" ] } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOExternalInOutlook/MSFT_EXOExternalInOutlook.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOExternalInOutlook/MSFT_EXOExternalInOutlook.psm1 index 053b3e4bff..357c749b31 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOExternalInOutlook/MSFT_EXOExternalInOutlook.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOExternalInOutlook/MSFT_EXOExternalInOutlook.psm1 @@ -166,11 +166,11 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "The setting cannot be created, it can only be enabled or disabled." + Write-Verbose -Message 'The setting cannot be created, it can only be enabled or disabled.' } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Updating the settings for ExternalInOutlook." + Write-Verbose -Message 'Updating the settings for ExternalInOutlook.' $UpdateParameters = ([Hashtable]$BoundParameters).Clone() $UpdateParameters.Remove('Verbose') | Out-Null @@ -190,7 +190,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "The setting cannot be removed, it can only be enabled or disabled." + Write-Verbose -Message 'The setting cannot be removed, it can only be enabled or disabled.' } } @@ -324,7 +324,7 @@ function Export-TargetResource $AccessTokens ) - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -362,14 +362,14 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $($config.Identity)" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - AccessTokens = $AccessTokens + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOExternalInOutlook/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOExternalInOutlook/settings.json index 7e639c9df4..3c02f8c7fc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOExternalInOutlook/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOExternalInOutlook/settings.json @@ -29,5 +29,4 @@ "requiredrolegroups": [] } } - } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/MSFT_EXOFocusedInbox.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/MSFT_EXOFocusedInbox.psm1 index c424b4364e..688d2e49ec 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/MSFT_EXOFocusedInbox.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/MSFT_EXOFocusedInbox.psm1 @@ -65,23 +65,23 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' try { - $instance = Get-FocusedInbox -Identity $Identity + $instance = Get-FocusedInbox -Identity $Identity if ($null -eq $instance) { return $nullResult } $results = @{ - Identity = $Identity - FocusedInboxOn = [Boolean]$instance.FocusedInboxOn + Identity = $Identity + FocusedInboxOn = [Boolean]$instance.FocusedInboxOn FocusedInboxOnLastUpdateTime = [DateTime]$instance.FocusedInboxOnLastUpdateTime - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } @@ -160,7 +160,7 @@ function Set-TargetResource $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - $SetParameters.Remove("FocusedInboxOnLastUpdateTime") | Out-Null + $SetParameters.Remove('FocusedInboxOnLastUpdateTime') | Out-Null Set-FocusedInbox @SetParameters } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/readme.md index 0212dc7bb0..c2e49a3cd2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/readme.md @@ -1,5 +1,5 @@ -# EXOFocusedInbox +# EXOFocusedInbox ## Description Manage the Focused Inbox configuration for mailboxes in your organization. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/settings.json index 5421220128..d61f35ed81 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOFocusedInbox/settings.json @@ -26,8 +26,8 @@ "Recipient Management" ], "requiredrolegroups": [ - "Organization Management", - "Help Desk" + "Organization Management", + "Help Desk" ] } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 index 3c23ad0ce7..f1a55013b8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 @@ -281,7 +281,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - [Array]$group = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + [Array]$group = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 index 971ba90f42..7886c18717 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 @@ -323,20 +323,24 @@ function Get-TargetResource [System.String[]]$AllowedSendersValues = $HostedContentFilterPolicy.AllowedSenders.Sender | Select-Object Address -ExpandProperty Address [System.String[]]$BlockedSendersValues = $HostedContentFilterPolicy.BlockedSenders.Sender | Select-Object Address -ExpandProperty Address # Check if the values are null and assign them an empty string array if they are - if ($null -eq $AllowedSendersValues) { + if ($null -eq $AllowedSendersValues) + { $AllowedSendersValues = @() } - if ($null -eq $BlockedSendersValues) { + if ($null -eq $BlockedSendersValues) + { $BlockedSendersValues = @() } [System.String[]]$AllowedSenderDomains = $HostedContentFilterPolicy.AllowedSenderDomains.Domain [System.String[]]$BlockedSenderDomains = $HostedContentFilterPolicy.BlockedSenderDomains.Domain # Check if the values are null and assign them an empty string array if they are - if ($null -eq $AllowedSenderDomains) { + if ($null -eq $AllowedSenderDomains) + { $AllowedSenderDomains = @() } - if ($null -eq $BlockedSenderDomains) { + if ($null -eq $BlockedSenderDomains) + { $BlockedSenderDomains = @() } $result = @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterRule/MSFT_EXOHostedContentFilterRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterRule/MSFT_EXOHostedContentFilterRule.psm1 index 2adf454d92..d298fba963 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterRule/MSFT_EXOHostedContentFilterRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterRule/MSFT_EXOHostedContentFilterRule.psm1 @@ -126,7 +126,7 @@ function Get-TargetResource { Write-Verbose -Message "Couldn't find rule by ID, trying by name." $rules = Get-HostedContentFilterRule - $HostedContentFilterRule = $rules | Where-Object -FilterScript {$_.Name -eq $Identity -and $_.HostedContentFilterPolicy -eq $HostedContentFilterPolicy} + $HostedContentFilterRule = $rules | Where-Object -FilterScript { $_.Name -eq $Identity -and $_.HostedContentFilterPolicy -eq $HostedContentFilterPolicy } } catch { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.psm1 index 5b87fb95ac..bdcd3a337f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailTips/MSFT_EXOMailTips.psm1 @@ -62,7 +62,7 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of Mailtips" + Write-Verbose -Message 'Getting configuration of Mailtips' if ($Global:CurrentModeIsExport) { $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` @@ -194,7 +194,7 @@ function Set-TargetResource $AccessTokens ) - Write-Verbose -Message "Setting configuration of Mailtips" + Write-Verbose -Message 'Setting configuration of Mailtips' #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -322,7 +322,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of Mailtips" + Write-Verbose -Message 'Testing configuration of Mailtips' $CurrentValues = Get-TargetResource @PSBoundParameters diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAuditBypassAssociation/MSFT_EXOMailboxAuditBypassAssociation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAuditBypassAssociation/MSFT_EXOMailboxAuditBypassAssociation.psm1 index 0d2fc291bf..022c062b4b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAuditBypassAssociation/MSFT_EXOMailboxAuditBypassAssociation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAuditBypassAssociation/MSFT_EXOMailboxAuditBypassAssociation.psm1 @@ -57,7 +57,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAutoReplyConfiguration/MSFT_EXOMailboxAutoReplyConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAutoReplyConfiguration/MSFT_EXOMailboxAutoReplyConfiguration.psm1 index e5dfa230d6..efec5952df 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAutoReplyConfiguration/MSFT_EXOMailboxAutoReplyConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAutoReplyConfiguration/MSFT_EXOMailboxAutoReplyConfiguration.psm1 @@ -46,7 +46,7 @@ function Get-TargetResource $EventsToDeleteIDs, [Parameter()] - [ValidateSet('None', 'Known','All')] + [ValidateSet('None', 'Known', 'All')] [System.String] $ExternalAudience, @@ -235,7 +235,7 @@ function Set-TargetResource $EventsToDeleteIDs, [Parameter()] - [ValidateSet('None', 'Known','All')] + [ValidateSet('None', 'Known', 'All')] [System.String] $ExternalAudience, @@ -372,7 +372,7 @@ function Test-TargetResource $EventsToDeleteIDs, [Parameter()] - [ValidateSet('None', 'Known','All')] + [ValidateSet('None', 'Known', 'All')] [System.String] $ExternalAudience, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.psm1 index 4e64667fca..e248580ae4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.psm1 @@ -229,60 +229,60 @@ function Get-TargetResource if ($null -eq $config) { - return $nullResult + return $nullResult } $results = @{ - Ensure = 'Present' - Identity = $Identity - AgendaMailIntroductionEnabled = $config.AgendaMailIntroductionEnabled - AutoDeclineWhenBusy = $config.AutoDeclineWhenBusy - CalendarFeedsPreferredLanguage = $config.CalendarFeedsPreferredLanguage - CalendarFeedsPreferredRegion = $config.CalendarFeedsPreferredRegion - CalendarFeedsRootPageId = $config.CalendarFeedsRootPageId - ConversationalSchedulingEnabled = $config.ConversationalSchedulingEnabled - CreateEventsFromEmailAsPrivate = $config.CreateEventsFromEmailAsPrivate - DefaultMinutesToReduceLongEventsBy = $config.DefaultMinutesToReduceLongEventsBy - DefaultMinutesToReduceShortEventsBy = $config.DefaultMinutesToReduceShortEventsBy - DefaultOnlineMeetingProvider = $config.DefaultOnlineMeetingProvider - DefaultReminderTime = $config.DefaultReminderTime - DeleteMeetingRequestOnRespond = $config.DeleteMeetingRequestOnRespond - DiningEventsFromEmailEnabled = $config.DiningEventsFromEmailEnabled - EntertainmentEventsFromEmailEnabled = $config.EntertainmentEventsFromEmailEnabled - EventsFromEmailEnabled = $config.EventsFromEmailEnabled - FirstWeekOfYear = $config.FirstWeekOfYear - FlightEventsFromEmailEnabled = $config.FlightEventsFromEmailEnabled - HotelEventsFromEmailEnabled = $config.HotelEventsFromEmailEnabled - InvoiceEventsFromEmailEnabled = $config.InvoiceEventsFromEmailEnabled - LocationDetailsInFreeBusy = $config.LocationDetailsInFreeBusy - MailboxLocation = $config.MailboxLocation - OnlineMeetingsByDefaultEnabled = $config.OnlineMeetingsByDefaultEnabled - PackageDeliveryEventsFromEmailEnabled = $config.PackageDeliveryEventsFromEmailEnabled - PreserveDeclinedMeetings = $config.PreserveDeclinedMeetings - RemindersEnabled = $config.RemindersEnabled - ReminderSoundEnabled = $config.ReminderSoundEnabled - RentalCarEventsFromEmailEnabled = $config.RentalCarEventsFromEmailEnabled + Ensure = 'Present' + Identity = $Identity + AgendaMailIntroductionEnabled = $config.AgendaMailIntroductionEnabled + AutoDeclineWhenBusy = $config.AutoDeclineWhenBusy + CalendarFeedsPreferredLanguage = $config.CalendarFeedsPreferredLanguage + CalendarFeedsPreferredRegion = $config.CalendarFeedsPreferredRegion + CalendarFeedsRootPageId = $config.CalendarFeedsRootPageId + ConversationalSchedulingEnabled = $config.ConversationalSchedulingEnabled + CreateEventsFromEmailAsPrivate = $config.CreateEventsFromEmailAsPrivate + DefaultMinutesToReduceLongEventsBy = $config.DefaultMinutesToReduceLongEventsBy + DefaultMinutesToReduceShortEventsBy = $config.DefaultMinutesToReduceShortEventsBy + DefaultOnlineMeetingProvider = $config.DefaultOnlineMeetingProvider + DefaultReminderTime = $config.DefaultReminderTime + DeleteMeetingRequestOnRespond = $config.DeleteMeetingRequestOnRespond + DiningEventsFromEmailEnabled = $config.DiningEventsFromEmailEnabled + EntertainmentEventsFromEmailEnabled = $config.EntertainmentEventsFromEmailEnabled + EventsFromEmailEnabled = $config.EventsFromEmailEnabled + FirstWeekOfYear = $config.FirstWeekOfYear + FlightEventsFromEmailEnabled = $config.FlightEventsFromEmailEnabled + HotelEventsFromEmailEnabled = $config.HotelEventsFromEmailEnabled + InvoiceEventsFromEmailEnabled = $config.InvoiceEventsFromEmailEnabled + LocationDetailsInFreeBusy = $config.LocationDetailsInFreeBusy + MailboxLocation = $config.MailboxLocation + OnlineMeetingsByDefaultEnabled = $config.OnlineMeetingsByDefaultEnabled + PackageDeliveryEventsFromEmailEnabled = $config.PackageDeliveryEventsFromEmailEnabled + PreserveDeclinedMeetings = $config.PreserveDeclinedMeetings + RemindersEnabled = $config.RemindersEnabled + ReminderSoundEnabled = $config.ReminderSoundEnabled + RentalCarEventsFromEmailEnabled = $config.RentalCarEventsFromEmailEnabled ServiceAppointmentEventsFromEmailEnabled = $config.ServiceAppointmentEventsFromEmailEnabled - ShortenEventScopeDefault = $config.ShortenEventScopeDefault - ShowWeekNumbers = $config.ShowWeekNumbers - TimeIncrement = $config.TimeIncrement - UseBrightCalendarColorThemeInOwa = $config.UseBrightCalendarColorThemeInOwa - WeatherEnabled = $config.WeatherEnabled - WeatherLocationBookmark = $config.WeatherLocationBookmark - WeatherLocations = [Array]$config.WeatherLocations - WeatherUnit = $config.WeatherUnit - WeekStartDay = $config.WeekStartDay - WorkDays = $config.WorkDays - WorkingHoursEndTime = $config.WorkingHoursEndTime - WorkingHoursStartTime = $config.WorkingHoursStartTime - WorkingHoursTimeZone = $config.WorkingHoursTimeZone - WorkspaceUserEnabled = $config.WorkspaceUserEnabled - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ShortenEventScopeDefault = $config.ShortenEventScopeDefault + ShowWeekNumbers = $config.ShowWeekNumbers + TimeIncrement = $config.TimeIncrement + UseBrightCalendarColorThemeInOwa = $config.UseBrightCalendarColorThemeInOwa + WeatherEnabled = $config.WeatherEnabled + WeatherLocationBookmark = $config.WeatherLocationBookmark + WeatherLocations = [Array]$config.WeatherLocations + WeatherUnit = $config.WeatherUnit + WeekStartDay = $config.WeekStartDay + WorkDays = $config.WorkDays + WorkingHoursEndTime = $config.WorkingHoursEndTime + WorkingHoursStartTime = $config.WorkingHoursStartTime + WorkingHoursTimeZone = $config.WorkingHoursTimeZone + WorkspaceUserEnabled = $config.WorkspaceUserEnabled + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/readme.md index 5f4846dd1e..198a5c8768 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/readme.md @@ -3,4 +3,4 @@ ## Description -This resource allows users to manage mailbox calendar settings. +This resource allows users to manage mailbox calendar settings. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/settings.json index f9832ee223..680a76a258 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/settings.json @@ -26,8 +26,8 @@ "Recipient Management" ], "requiredrolegroups": [ - "Organization Management", - "Help Desk" + "Organization Management", + "Help Desk" ] } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 index 88cdf82dde..516b16d47d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 @@ -9,17 +9,17 @@ function Get-TargetResource $Identity, [Parameter()] - [ValidateSet("AvailabilityOnly", "LimitedDetails", "FullDetails")] + [ValidateSet('AvailabilityOnly', 'LimitedDetails', 'FullDetails')] [System.String] - $DetailLevel = "AvailabilityOnly", + $DetailLevel = 'AvailabilityOnly', [Parameter()] - [ValidateSet("OneDay", "ThreeDays", "OneWeek", "OneMonth", "ThreeMonths", "SixMonths", "OneYear")] + [ValidateSet('OneDay', 'ThreeDays', 'OneWeek', 'OneMonth', 'ThreeMonths', 'SixMonths', 'OneYear')] [System.String] - $PublishDateRangeFrom = "ThreeMonths", + $PublishDateRangeFrom = 'ThreeMonths', [Parameter()] - [ValidateSet("OneDay", "ThreeDays", "OneWeek", "OneMonth", "ThreeMonths", "SixMonths", "OneYear")] + [ValidateSet('OneDay', 'ThreeDays', 'OneWeek', 'OneMonth', 'ThreeMonths', 'SixMonths', 'OneYear')] [System.String] $PublishDateRangeTo, @@ -154,17 +154,17 @@ function Set-TargetResource $Identity, [Parameter()] - [ValidateSet("AvailabilityOnly", "LimitedDetails", "FullDetails")] + [ValidateSet('AvailabilityOnly', 'LimitedDetails', 'FullDetails')] [System.String] - $DetailLevel = "AvailabilityOnly", + $DetailLevel = 'AvailabilityOnly', [Parameter()] - [ValidateSet("OneDay", "ThreeDays", "OneWeek", "OneMonth", "ThreeMonths", "SixMonths", "OneYear")] + [ValidateSet('OneDay', 'ThreeDays', 'OneWeek', 'OneMonth', 'ThreeMonths', 'SixMonths', 'OneYear')] [System.String] - $PublishDateRangeFrom = "ThreeMonths", + $PublishDateRangeFrom = 'ThreeMonths', [Parameter()] - [ValidateSet("OneDay", "ThreeDays", "OneWeek", "OneMonth", "ThreeMonths", "SixMonths", "OneYear")] + [ValidateSet('OneDay', 'ThreeDays', 'OneWeek', 'OneMonth', 'ThreeMonths', 'SixMonths', 'OneYear')] [System.String] $PublishDateRangeTo, @@ -238,15 +238,15 @@ function Set-TargetResource -InboundParameters $PSBoundParameters $UpdateParameters = ([Hashtable]$PSBoundParameters).Clone() - $UpdateParameters.Remove("Ensure") | Out-Null - $UpdateParameters.Remove("Credential") | Out-Null - $UpdateParameters.Remove("ApplicationId") | Out-Null - $UpdateParameters.Remove("TenantId") | Out-Null - $UpdateParameters.Remove("CertificateThumbprint") | Out-Null - $UpdateParameters.Remove("ApplicationSecret") | Out-Null - $UpdateParameters.Remove("CertificatePath") | Out-Null - $UpdateParameters.Remove("CertificatePassword") | Out-Null - $UpdateParameters.Remove("ManagedIdentity") | Out-Null + $UpdateParameters.Remove('Ensure') | Out-Null + $UpdateParameters.Remove('Credential') | Out-Null + $UpdateParameters.Remove('ApplicationId') | Out-Null + $UpdateParameters.Remove('TenantId') | Out-Null + $UpdateParameters.Remove('CertificateThumbprint') | Out-Null + $UpdateParameters.Remove('ApplicationSecret') | Out-Null + $UpdateParameters.Remove('CertificatePath') | Out-Null + $UpdateParameters.Remove('CertificatePassword') | Out-Null + $UpdateParameters.Remove('ManagedIdentity') | Out-Null $UpdateParameters.Remove('AccessTokens') | Out-Null # The SharedCalendarSyncStartDate needs to be used by itself in a subsequent call. @@ -254,7 +254,7 @@ function Set-TargetResource { Write-Verbose -Message "Updating the Mailbox Calendar Folder SharedCalendarSyncStartDate property for {$Identity}" Set-MailboxCalendarFolder -Identity $Identity -SharedCalendarSyncStartDate $SharedCalendarSyncStartDate - $UpdateParameters.Remove("SharedCalendarSyncStartDate") | Out-Null + $UpdateParameters.Remove('SharedCalendarSyncStartDate') | Out-Null } Write-Verbose -Message "Updating the Mailbox Calendar Folder for {$Identity}" Set-MailboxCalendarFolder @UpdateParameters @@ -271,17 +271,17 @@ function Test-TargetResource $Identity, [Parameter()] - [ValidateSet("AvailabilityOnly", "LimitedDetails", "FullDetails")] + [ValidateSet('AvailabilityOnly', 'LimitedDetails', 'FullDetails')] [System.String] - $DetailLevel = "AvailabilityOnly", + $DetailLevel = 'AvailabilityOnly', [Parameter()] - [ValidateSet("OneDay", "ThreeDays", "OneWeek", "OneMonth", "ThreeMonths", "SixMonths", "OneYear")] + [ValidateSet('OneDay', 'ThreeDays', 'OneWeek', 'OneMonth', 'ThreeMonths', 'SixMonths', 'OneYear')] [System.String] - $PublishDateRangeFrom = "ThreeMonths", + $PublishDateRangeFrom = 'ThreeMonths', [Parameter()] - [ValidateSet("OneDay", "ThreeDays", "OneWeek", "OneMonth", "ThreeMonths", "SixMonths", "OneYear")] + [ValidateSet('OneDay', 'ThreeDays', 'OneWeek', 'OneMonth', 'ThreeMonths', 'SixMonths', 'OneYear')] [System.String] $PublishDateRangeTo, @@ -443,7 +443,7 @@ function Export-TargetResource } # Name of calendar folder depends on the language of the mailbox - $calendarFolderName = (Get-MailboxFolderStatistics -Identity $($mailbox.UserPrincipalName) -FolderScope Calendar | Where-Object {$_.FolderType -eq 'Calendar'}).Name + $calendarFolderName = (Get-MailboxFolderStatistics -Identity $($mailbox.UserPrincipalName) -FolderScope Calendar | Where-Object { $_.FolderType -eq 'Calendar' }).Name $folderPath = $mailbox.UserPrincipalName + ':\' + $calendarFolderName Write-Host " |---[$i/$($mailboxes.Count)] $($folderPath)" -NoNewline $Params = @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/settings.json index c656ab4211..6b34f17419 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/settings.json @@ -26,8 +26,8 @@ "Recipient Management" ], "requiredrolegroups": [ - "Organization Management", - "Help Desk" + "Organization Management", + "Help Desk" ] } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/MSFT_EXOMailboxFolderPermission.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/MSFT_EXOMailboxFolderPermission.psm1 index 21fcb822c9..a6bc9679bd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/MSFT_EXOMailboxFolderPermission.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/MSFT_EXOMailboxFolderPermission.psm1 @@ -71,7 +71,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instances = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $instances = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } else { @@ -84,26 +84,28 @@ function Get-TargetResource [Array]$permissionsObj = @() - foreach($mailboxfolderPermission in $instances){ + foreach ($mailboxfolderPermission in $instances) + { $currentPermission = @{} $currentPermission.Add('User', $mailboxFolderPermission.User.ToString()) $currentPermission.Add('AccessRights', $mailboxFolderPermission.AccessRights) - if($null -ne $mailboxFolderPermission.SharingPermissionFlags) { + if ($null -ne $mailboxFolderPermission.SharingPermissionFlags) + { $currentPermission.Add('SharingPermissionFlags', $mailboxFolderPermission.SharingPermissionFlags) } $permissionsObj += $currentPermission } $results = @{ - Identity = $Identity - UserPermissions = [Array]$permissionsObj - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Identity = $Identity + UserPermissions = [Array]$permissionsObj + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } @@ -198,28 +200,37 @@ function Set-TargetResource # Remove all the current existing pemrissions on this folder. # Skip removing the default and anonymous permissions, as can't be removed, and should just be directly updated. - foreach($currentUserPermission in $currentMailboxFolderPermissions) { - if($currentUserPermission.User.ToString().ToLower() -ne "default" -and $currentUserPermission.User.ToString().ToLower() -ne "anonymous"){ + foreach ($currentUserPermission in $currentMailboxFolderPermissions) + { + if ($currentUserPermission.User.ToString().ToLower() -ne 'default' -and $currentUserPermission.User.ToString().ToLower() -ne 'anonymous') + { Remove-MailboxFolderPermission -Identity $Identity -User $currentUserPermission.User -Confirm:$false } } # Add the desired state permissions on the mailbox folder # For Default and anonymous users, as the permissions were not removed, we just need to call set. - foreach($userPermission in $UserPermissions) { - if($userPermission.User.ToString().ToLower() -eq "default" -or $userPermission.User.ToString().ToLower() -eq "anonymous"){ - if ($userPermission.SharingPermissionFlags -eq ""){ + foreach ($userPermission in $UserPermissions) + { + if ($userPermission.User.ToString().ToLower() -eq 'default' -or $userPermission.User.ToString().ToLower() -eq 'anonymous') + { + if ($userPermission.SharingPermissionFlags -eq '') + { Set-MailboxFolderPermission -Identity $Identity -User $userPermission.User -AccessRights $userPermission.AccessRights } - else { + else + { Set-MailboxFolderPermission -Identity $Identity -User $userPermission.User -AccessRights $userPermission.AccessRights -SharingPermissionFlags $userPermission.SharingPermissionFlags } } - else { - if ($userPermission.SharingPermissionFlags -eq ""){ + else + { + if ($userPermission.SharingPermissionFlags -eq '') + { Add-MailboxFolderPermission -Identity $Identity -User $userPermission.User -AccessRights $userPermission.AccessRights } - else { + else + { Add-MailboxFolderPermission -Identity $Identity -User $userPermission.User -AccessRights $userPermission.AccessRights -SharingPermissionFlags $userPermission.SharingPermissionFlags } } @@ -309,7 +320,8 @@ function Test-TargetResource { $testTargetResource = $false } - else { + else + { $ValuesToCheck.Remove($key) | Out-Null } } @@ -319,12 +331,12 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys ` - -IncludedDrifts $driftedParams + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys ` + -IncludedDrifts $driftedParams - if(-not $TestResult) + if (-not $TestResult) { $testTargetResource = $false } @@ -487,9 +499,10 @@ function Get-M365DSCEXOUserPermissionsList $StringContent += "MSFT_EXOMailboxFolderUserPermission {`r`n" $StringContent += " User = '" + $permission.User + "'`r`n" $StringContent += " AccessRights = '" + $permission.AccessRights + "'`r`n" - if($null -ne $permission.SharingPermissionFlags){ - # $StringContent += " SharingPermissionFlags = `$null" + "`r`n" - # } else { + if ($null -ne $permission.SharingPermissionFlags) + { + # $StringContent += " SharingPermissionFlags = `$null" + "`r`n" + # } else { $StringContent += " SharingPermissionFlags = '" + $permission.SharingPermissionFlags + "'`r`n" } $StringContent += " }`r`n" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/settings.json index 874090d3bc..ec5534569f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxFolderPermission/settings.json @@ -26,8 +26,8 @@ "Recipient Management" ], "requiredrolegroups": [ - "Organization Management", - "Help Desk" + "Organization Management", + "Help Desk" ] } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/MSFT_EXOMailboxIRMAccess.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/MSFT_EXOMailboxIRMAccess.psm1 index 13c1f4be94..3df797b6ba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/MSFT_EXOMailboxIRMAccess.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxIRMAccess/MSFT_EXOMailboxIRMAccess.psm1 @@ -68,7 +68,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity -and $_.User -eq $User} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity -and $_.User -eq $User } } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 index 39a70e00e2..f89dd48825 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 @@ -9,13 +9,13 @@ function Get-TargetResource $Identity, [Parameter(Mandatory = $true)] - [ValidateSet("ChangeOwner", "ChangePermission", "DeleteItem", "ExternalAccount", "FullAccess", "ReadPermission")] + [ValidateSet('ChangeOwner', 'ChangePermission', 'DeleteItem', 'ExternalAccount', 'FullAccess', 'ReadPermission')] [System.String[]] $AccessRights, [Parameter(Mandatory = $true)] [System.String] - [ValidateSet("None", "All", "Children", "Descendents", "SelfAndChildren")] + [ValidateSet('None', 'All', 'Children', 'Descendents', 'SelfAndChildren')] $InheritanceType = 'All', [Parameter()] @@ -105,7 +105,7 @@ function Get-TargetResource if ($permission.Length -gt 1) { - $permission = $permission | Where-Object -FilterScript {$_.User -eq $User -and (Compare-Object -ReferenceObject $_.AccessRights.Replace(' ','').Split(',') -DifferenceObject $AccessRights).Count -eq 0} + $permission = $permission | Where-Object -FilterScript { $_.User -eq $User -and (Compare-Object -ReferenceObject $_.AccessRights.Replace(' ', '').Split(',') -DifferenceObject $AccessRights).Count -eq 0 } } if ($permission.Length -gt 1) @@ -120,21 +120,21 @@ function Get-TargetResource } $result = @{ - Identity = $permission.Identity - AccessRights = [Array]$permission.AccessRights.Replace(' ','').Split(',') - InheritanceType = $permission.InheritanceType - Owner = $permission.Owner - User = $permission.User - Deny = [Boolean]$permission.Deny - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens + Identity = $permission.Identity + AccessRights = [Array]$permission.AccessRights.Replace(' ', '').Split(',') + InheritanceType = $permission.InheritanceType + Owner = $permission.Owner + User = $permission.User + Deny = [Boolean]$permission.Deny + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } Write-Verbose -Message "Found permissions for mailbox {$($Identity)}" @@ -162,13 +162,13 @@ function Set-TargetResource $Identity, [Parameter(Mandatory = $true)] - [ValidateSet("ChangeOwner", "ChangePermission", "DeleteItem", "ExternalAccount", "FullAccess", "ReadPermission")] + [ValidateSet('ChangeOwner', 'ChangePermission', 'DeleteItem', 'ExternalAccount', 'FullAccess', 'ReadPermission')] [System.String[]] $AccessRights, [Parameter(Mandatory = $true)] [System.String] - [ValidateSet("None", "All", "Children", "Descendents", "SelfAndChildren")] + [ValidateSet('None', 'All', 'Children', 'Descendents', 'SelfAndChildren')] $InheritanceType = 'All', [Parameter()] @@ -273,13 +273,13 @@ function Test-TargetResource $Identity, [Parameter(Mandatory = $true)] - [ValidateSet("ChangeOwner", "ChangePermission", "DeleteItem", "ExternalAccount", "FullAccess", "ReadPermission")] + [ValidateSet('ChangeOwner', 'ChangePermission', 'DeleteItem', 'ExternalAccount', 'FullAccess', 'ReadPermission')] [System.String[]] $AccessRights, [Parameter(Mandatory = $true)] [System.String] - [ValidateSet("None", "All", "Children", "Descendents", "SelfAndChildren")] + [ValidateSet('None', 'All', 'Children', 'Descendents', 'SelfAndChildren')] $InheritanceType = 'All', [Parameter()] @@ -448,7 +448,7 @@ function Export-TargetResource Write-Host " |---[$j/$($permissions.Count)] $($permission.Identity)" -NoNewline $Params = @{ Identity = $mailbox.UserPrincipalName - AccessRights = [Array]$permission.AccessRights.Replace(' ','').Replace('SendAs,','').Split(',') # ignore SendAs permissions since they are not supported by *-MailboxPermission cmdlets + AccessRights = [Array]$permission.AccessRights.Replace(' ', '').Replace('SendAs,', '').Split(',') # ignore SendAs permissions since they are not supported by *-MailboxPermission cmdlets InheritanceType = $permission.InheritanceType User = $permission.User Credential = $Credential diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 index f5b5a24b5d..70b56677fb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 @@ -103,7 +103,7 @@ function Get-TargetResource try { $mailboxSettings = Get-MailboxRegionalConfiguration -Identity $DisplayName -ErrorAction Stop - $mailboxInfo = Get-Mailbox -Identity $DisplayName -ErrorAction Stop + $mailboxInfo = Get-Mailbox -Identity $DisplayName -ErrorAction Stop } catch { @@ -124,7 +124,7 @@ function Get-TargetResource AddressBookPolicy = $mailboxInfo.AddressBookPolicy RoleAssignmentPolicy = $mailboxInfo.RoleAssignmentPolicy SharingPolicy = $mailboxInfo.SharingPolicy - Ensure = "Present" + Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId CertificateThumbprint = $CertificateThumbprint @@ -355,9 +355,9 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys Write-Verbose -Message "Test-TargetResource returned $testResult" @@ -435,7 +435,7 @@ function Export-TargetResource { $DisplayNameValue = $mailbox.Name - if ([System.Guid]::TryParse($mailbox.Identity,[System.Management.Automation.PSReference]$ObjectGuid)) + if ([System.Guid]::TryParse($mailbox.Identity, [System.Management.Automation.PSReference]$ObjectGuid)) { try { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRole/MSFT_EXOManagementRole.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRole/MSFT_EXOManagementRole.psm1 index fc30a27966..6053feec9b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRole/MSFT_EXOManagementRole.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRole/MSFT_EXOManagementRole.psm1 @@ -87,7 +87,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $AllManagementRoles = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Name} + $AllManagementRoles = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Name } } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 index bd4575f6f3..fd2489cdf2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 @@ -123,7 +123,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $roleAssignment = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Name} + $roleAssignment = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Name } } else { @@ -186,7 +186,10 @@ function Get-TargetResource } elseif ($roleAssignment.RoleAssigneeType -eq 'User') { - $result.Add('User', $roleAssignment.RoleAssignee) + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + $userInfo = Get-MgUser -UserId ($roleAssignment.RoleAssignee) + $result.Add('User', $userInfo.UserPrincipalName) } Write-Verbose -Message "Found Management Role Assignment $($Name)" @@ -298,8 +301,6 @@ function Set-TargetResource ) Write-Verbose -Message "Setting Management Role Assignment for $Name" - $currentManagementRoleConfig = Get-TargetResource @PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -315,6 +316,8 @@ function Set-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters + $currentManagementRoleConfig = Get-TargetResource @PSBoundParameters + $NewManagementRoleParams = ([Hashtable]$PSBoundParameters).Clone() $NewManagementRoleParams.Remove('Ensure') | Out-Null $NewManagementRoleParams.Remove('Credential') | Out-Null @@ -356,16 +359,9 @@ function Set-TargetResource # CASE: Management Role exists and it should, but has different values than the desired ones elseif ($Ensure -eq 'Present' -and $currentManagementRoleConfig.Ensure -eq 'Present') { - Write-Verbose -Message "Management Role Assignment'$($Name)' already exists, but needs updating." - $NewManagementRoleParams.Add('Identity', $Name) - $NewManagementRoleParams.Remove('Name') | Out-Null - $NewManagementRoleParams.Remove('User') | Out-Null - $NewManagementRoleParams.Remove('Role') | Out-Null - $NewManagementRoleParams.Remove('Computer') | Out-Null - $NewManagementRoleParams.Remove('App') | Out-Null - $NewManagementRoleParams.Remove('Policy') | Out-Null - $NewManagementRoleParams.Remove('SecurityGroup') | Out-Null - Set-ManagementRoleAssignment @NewManagementRoleParams | Out-Null + Write-Verbose -Message "Management Role Assignment'$($Name)' already exists, but needs updating. Deleting and recreating the instance." + Remove-ManagementRoleAssignment -Identity $Name -Confirm:$false -Force | Out-Null + New-ManagementRoleAssignment @NewManagementRoleParams | Out-Null } # Wait for the permission to be applied @@ -378,7 +374,7 @@ function Set-TargetResource $testResults = Test-TargetResource @PSBoundParameters if (-not $testResults) { - Write-Verbose -Message "Test-TargetResource returned $false. Waiting for a total of $(($count * 10).ToString()) out of $(($retries * 10).ToString())" + Write-Verbose -Message "Test-TargetResource returned $false. Waiting for a total of $(($count * 10).ToString()) out of 120)" Start-Sleep -Seconds 10 } $retries-- @@ -507,12 +503,6 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('User') | Out-Null - $ValuesToCheck.Remove('Role') | Out-Null - $ValuesToCheck.Remove('Computer') | Out-Null - $ValuesToCheck.Remove('App') | Out-Null - $ValuesToCheck.Remove('Policy') | Out-Null - $ValuesToCheck.Remove('SecurityGroup') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 index bbdde00cf5..01be59dfff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 @@ -80,7 +80,7 @@ function Get-TargetResource $IdentityParts = $Identity.Split('\') if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $roleEntry = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $IdentityParts[0] -and $_.Name -eq $IdentityParts[1]} + $roleEntry = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $IdentityParts[0] -and $_.Name -eq $IdentityParts[1] } } else { @@ -194,7 +194,7 @@ function Set-TargetResource $currentValues = Get-TargetResource @PSBoundParameters $paramDifference = Compare-Object -ReferenceObject $currentValues.Parameters -DifferenceObject $Parameters - $paramsToAdd = $paramDifference | Where-Object -FilterScript {$_.SideIndicator -eq '=>'} + $paramsToAdd = $paramDifference | Where-Object -FilterScript { $_.SideIndicator -eq '=>' } $paramsToAddEntries = @() foreach ($diff in $paramsToAdd) { @@ -206,7 +206,7 @@ function Set-TargetResource Set-ManagementRoleEntry -Identity $Identity -AddParameter -Parameters $paramsToAddEntries } - $paramsToRemove = $paramDifference | Where-Object -FilterScript {$_.SideIndicator -eq '<='} + $paramsToRemove = $paramDifference | Where-Object -FilterScript { $_.SideIndicator -eq '<=' } $paramsToRemoveEntries = @() foreach ($diff in $paramsToRemove) { @@ -378,10 +378,10 @@ function Export-TargetResource $Global:M365DSCExportResourceInstancesCount++ } - Write-Host " |---[$i/$($Script:exportedInstances.Count)] $($roleEntry.Identity + "\" + $roleEntry.Name)" -NoNewline + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $($roleEntry.Identity + '\' + $roleEntry.Name)" -NoNewline $Params = @{ - Identity = $roleEntry.Identity + "\" + $roleEntry.Name + Identity = $roleEntry.Identity + '\' + $roleEntry.Name Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/MSFT_EXOManagementScope.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/MSFT_EXOManagementScope.psm1 index bd19cc11f4..79bbb79057 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/MSFT_EXOManagementScope.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementScope/MSFT_EXOManagementScope.psm1 @@ -75,7 +75,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $ManagementScope = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $ManagementScope = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } else { @@ -87,18 +87,18 @@ function Get-TargetResource } $results = @{ - Identity = $Identity - Name = $ManagementScope.Name - RecipientRestrictionFilter = $ManagementScope.RecipientFilter - RecipientRoot = $ManagementScope.RecipientRoot - Exclusive = $ManagementScope.Exclusive - Ensure = "Present" - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Identity = $Identity + Name = $ManagementScope.Name + RecipientRestrictionFilter = $ManagementScope.RecipientFilter + RecipientRoot = $ManagementScope.RecipientRoot + Exclusive = $ManagementScope.Exclusive + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMigration/MSFT_EXOMigration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMigration/MSFT_EXOMigration.psm1 index 7eccbcb0c8..c8ae0443d1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMigration/MSFT_EXOMigration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMigration/MSFT_EXOMigration.psm1 @@ -108,7 +108,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity.Name -eq $Identity} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity.Name -eq $Identity } } else { @@ -123,35 +123,35 @@ function Get-TargetResource $UserEmails = $Users | ForEach-Object { $_.Identity } $results = @{ - Identity = $Identity - NotificationEmails = [System.String[]]$instance.NotificationEmails - AddUsers = [System.Boolean]$instance.AddUsers - BadItemLimit = [System.String]$instance.BadItemLimit - LargeItemLimit = [System.String]$instance.LargeItemLimit - MoveOptions = [System.String[]]$instance.MoveOptions - SkipMerging = [System.String[]]$instance.SkipMerging - Update = [System.Boolean]$instance.Update - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - Status = $instance.Status.Value - MigrationUsers = $UserEmails - SourceEndpoint = $instance.SourceEndpoint.Identity.Id - TargetDeliveryDomain = $instance.TargetDeliveryDomain + Identity = $Identity + NotificationEmails = [System.String[]]$instance.NotificationEmails + AddUsers = [System.Boolean]$instance.AddUsers + BadItemLimit = [System.String]$instance.BadItemLimit + LargeItemLimit = [System.String]$instance.LargeItemLimit + MoveOptions = [System.String[]]$instance.MoveOptions + SkipMerging = [System.String[]]$instance.SkipMerging + Update = [System.Boolean]$instance.Update + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + Status = $instance.Status.Value + MigrationUsers = $UserEmails + SourceEndpoint = $instance.SourceEndpoint.Identity.Id + TargetDeliveryDomain = $instance.TargetDeliveryDomain } if ($instance.CompleteAfter -ne $null) { - $results.Add('CompleteAfter', $instance.CompleteAfter.ToString("MM/dd/yyyy hh:mm tt")) + $results.Add('CompleteAfter', $instance.CompleteAfter.ToString('MM/dd/yyyy hh:mm tt')) } if ($instance.StartAfter -ne $null) { - $results.Add('StartAfter', $instance.CompleteAfter.ToString("MM/dd/yyyy hh:mm tt")) + $results.Add('StartAfter', $instance.CompleteAfter.ToString('MM/dd/yyyy hh:mm tt')) } return [System.Collections.Hashtable] $results @@ -284,15 +284,15 @@ function Set-TargetResource $csvBytes = [System.Text.Encoding]::UTF8.GetBytes($csvContent -join "`r`n") $BatchParams = @{ - Name = $Identity # Use the existing Identity as the new batch name - CSVData = $csvBytes # Directly use the byte array - NotificationEmails = $NotificationEmails # Use the same notification emails if provided - CompleteAfter = $CompleteAfter - StartAfter = $StartAfter - BadItemLimit = [System.String]$BadItemLimit - LargeItemLimit = $LargeItemLimit - SkipMerging = $SkipMerging - SourceEndpoint = $SourceEndpoint + Name = $Identity # Use the existing Identity as the new batch name + CSVData = $csvBytes # Directly use the byte array + NotificationEmails = $NotificationEmails # Use the same notification emails if provided + CompleteAfter = $CompleteAfter + StartAfter = $StartAfter + BadItemLimit = [System.String]$BadItemLimit + LargeItemLimit = $LargeItemLimit + SkipMerging = $SkipMerging + SourceEndpoint = $SourceEndpoint TargetDeliveryDomain = $TargetDeliveryDomain } @@ -334,22 +334,22 @@ function Set-TargetResource $csvFilePath = "$env:TEMP\MigrationUsers.csv" # Convert each item in the array to a custom object with an EmailAddress property - $csvContent = $MigrationUsers | ForEach-Object { [PSCustomObject]@{EmailAddress = $_} } + $csvContent = $MigrationUsers | ForEach-Object { [PSCustomObject]@{EmailAddress = $_ } } # Export to CSV with the header "EmailAddress" $csvContent | Export-Csv -Path $csvFilePath -NoTypeInformation -Force $BatchParams = @{ - Identity = $Identity # Use the existing Identity as the new batch name - CSVData = [System.IO.File]::ReadAllBytes($csvFilePath) # Load the CSV as byte array + Identity = $Identity # Use the existing Identity as the new batch name + CSVData = [System.IO.File]::ReadAllBytes($csvFilePath) # Load the CSV as byte array NotificationEmails = $NotificationEmails # Use the same notification emails if provided - CompleteAfter = $CompleteAfter - StartAfter = $StartAfter - BadItemLimit = [System.String]$BadItemLimit - LargeItemLimit = $LargeItemLimit - SkipMerging = $SkipMerging - Update = $Update - AddUsers = $AddUsers + CompleteAfter = $CompleteAfter + StartAfter = $StartAfter + BadItemLimit = [System.String]$BadItemLimit + LargeItemLimit = $LargeItemLimit + SkipMerging = $SkipMerging + Update = $Update + AddUsers = $AddUsers } Set-MigrationBatch @BatchParams diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMigrationEndpoint/MSFT_EXOMigrationEndpoint.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMigrationEndpoint/MSFT_EXOMigrationEndpoint.psm1 index 8e8ef54b1a..0890bcf4b8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMigrationEndpoint/MSFT_EXOMigrationEndpoint.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMigrationEndpoint/MSFT_EXOMigrationEndpoint.psm1 @@ -129,7 +129,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $migrationEndpoint = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $migrationEndpoint = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } else { @@ -141,31 +141,31 @@ function Get-TargetResource } $results = @{ - Identity = $Identity - AcceptUntrustedCertificates = $migrationEndpoint.AcceptUntrustedCertificates - AppID = $migrationEndpoint.AppID - AppSecretKeyVaultUrl = $migrationEndpoint.AppSecretKeyVaultUrl - Authentication = $migrationEndpoint.Authentication - EndpointType = $migrationEndpoint.EndpointType - ExchangeServer = $migrationEndpoint.ExchangeServer - MailboxPermission = $migrationEndpoint.MailboxPermission - MaxConcurrentIncrementalSyncs = $migrationEndpoint.MaxConcurrentIncrementalSyncs - MaxConcurrentMigrations = $migrationEndpoint.MaxConcurrentMigrations - NspiServer = $migrationEndpoint.NspiServer - Port = $migrationEndpoint.Port - RemoteServer = $migrationEndpoint.RemoteServer - RemoteTenant = $migrationEndpoint.RemoteTenant - RpcProxyServer = $migrationEndpoint.RpcProxyServer - Security = $migrationEndpoint.Security - SourceMailboxLegacyDN = $migrationEndpoint.SourceMailboxLegacyDN - UseAutoDiscover = $migrationEndpoint.UseAutoDiscover - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Identity = $Identity + AcceptUntrustedCertificates = $migrationEndpoint.AcceptUntrustedCertificates + AppID = $migrationEndpoint.AppID + AppSecretKeyVaultUrl = $migrationEndpoint.AppSecretKeyVaultUrl + Authentication = $migrationEndpoint.Authentication + EndpointType = $migrationEndpoint.EndpointType + ExchangeServer = $migrationEndpoint.ExchangeServer + MailboxPermission = $migrationEndpoint.MailboxPermission + MaxConcurrentIncrementalSyncs = $migrationEndpoint.MaxConcurrentIncrementalSyncs + MaxConcurrentMigrations = $migrationEndpoint.MaxConcurrentMigrations + NspiServer = $migrationEndpoint.NspiServer + Port = $migrationEndpoint.Port + RemoteServer = $migrationEndpoint.RemoteServer + RemoteTenant = $migrationEndpoint.RemoteTenant + RpcProxyServer = $migrationEndpoint.RpcProxyServer + Security = $migrationEndpoint.Security + SourceMailboxLegacyDN = $migrationEndpoint.SourceMailboxLegacyDN + UseAutoDiscover = $migrationEndpoint.UseAutoDiscover + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results @@ -319,7 +319,7 @@ function Set-TargetResource $newParams.Add('Name', $Identity) $newParams.Add('Confirm', [Switch]$false) - if ($EndpointType -eq "IMAP") + if ($EndpointType -eq 'IMAP') { # Removing mailbox permission parameter as this is valid only for outlook anywhere migration $setParams.Remove('MailboxPermission') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 index 183afecfed..2a0655f57a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 @@ -246,24 +246,24 @@ function Set-TargetResource -InboundParameters $PSBoundParameters $NewOnPremisesOrganizationParams = @{ - Name = $Identity - Comment = $Comment - HybridDomains = $HybridDomains - InboundConnector = $InboundConnector - OrganizationName = $OrganizationName - OrganizationGuid = $OrganizationGuid - OutboundConnector = $OutboundConnector - Confirm = $false + Name = $Identity + Comment = $Comment + HybridDomains = $HybridDomains + InboundConnector = $InboundConnector + OrganizationName = $OrganizationName + OrganizationGuid = $OrganizationGuid + OutboundConnector = $OutboundConnector + Confirm = $false } $SetOnPremisesOrganizationParams = @{ - Identity = $Identity - Comment = $Comment - HybridDomains = $HybridDomains - InboundConnector = $InboundConnector - OrganizationName = $OrganizationName - OutboundConnector = $OutboundConnector - Confirm = $false + Identity = $Identity + Comment = $Comment + HybridDomains = $HybridDomains + InboundConnector = $InboundConnector + OrganizationName = $OrganizationName + OutboundConnector = $OutboundConnector + Confirm = $false } if (-not [System.String]::IsNullOrEmpty($OrganizationRelationship)) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/MSFT_EXOPhishSimOverrideRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/MSFT_EXOPhishSimOverrideRule.psm1 index ee3dc48fbe..a282259ff0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/MSFT_EXOPhishSimOverrideRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPhishSimOverrideRule/MSFT_EXOPhishSimOverrideRule.psm1 @@ -75,7 +75,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } else { @@ -115,7 +115,8 @@ function Get-TargetResource } # Function to compare and modify properties -function ModifyPropertiesForSetCmdlet { +function ModifyPropertiesForSetCmdlet +{ param ( [Hashtable]$setParameters, [Hashtable]$currentInstance, @@ -131,10 +132,12 @@ function ModifyPropertiesForSetCmdlet { $removeArray = $currentArray | Where-Object { $_ -notin $setArray } # Modify $setParameters - if ($addArray.Count -gt 0) { + if ($addArray.Count -gt 0) + { $setParameters.Add("Add$propertyName", $addArray) } - if ($removeArray.Count -gt 0) { + if ($removeArray.Count -gt 0) + { $setParameters.Add("Remove$propertyName", $removeArray) } @@ -217,8 +220,8 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { $ruleIdentity = $setParameters['Identity'] - $setParameters.Add("Name", $ruleIdentity) - $setParameters.Remove("Identity") + $setParameters.Add('Name', $ruleIdentity) + $setParameters.Remove('Identity') New-EXOPhishSimOverrideRule @SetParameters } @@ -226,8 +229,8 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { # Modify Domains and SenderIpRanges parameters as Set cmdlet for this resource has different parameter names - ModifyPropertiesForSetCmdlet -setParameters $setParameters -currentInstance $currentInstance -propertyName "Domains" - ModifyPropertiesForSetCmdlet -setParameters $setParameters -currentInstance $currentInstance -propertyName "SenderIpRanges" + ModifyPropertiesForSetCmdlet -setParameters $setParameters -currentInstance $currentInstance -propertyName 'Domains' + ModifyPropertiesForSetCmdlet -setParameters $setParameters -currentInstance $currentInstance -propertyName 'SenderIpRanges' Set-EXOPhishSimOverrideRule @SetParameters } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 index 9327331b4d..bfb60a5035 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 @@ -69,7 +69,7 @@ function Get-TargetResource $ParentId, [Parameter()] - [ValidateSet("Floor", "Section", "None")] + [ValidateSet('Floor', 'Section', 'None')] [System.String] $ParentType, @@ -172,7 +172,7 @@ function Get-TargetResource if (-not [System.String]::IsNullOrEmpty($DisplayName)) { Write-Verbose -Message "Couldn't retrieve place by Id {$($Identity)}. Trying by DisplayName" - $place = Get-Place -ResultSize 'Unlimited' | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $place = Get-Place -ResultSize 'Unlimited' | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } if ($null -eq $place) @@ -305,7 +305,7 @@ function Set-TargetResource $ParentId, [Parameter()] - [ValidateSet("Floor", "Section", "None")] + [ValidateSet('Floor', 'Section', 'None')] [System.String] $ParentType, @@ -476,7 +476,7 @@ function Test-TargetResource $ParentId, [Parameter()] - [ValidateSet("Floor", "Section", "None")] + [ValidateSet('Floor', 'Section', 'None')] [System.String] $ParentType, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.psm1 index ac155325d0..77be9e2cec 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.psm1 @@ -143,128 +143,128 @@ function Get-TargetResource if ($QuarantinePolicy.QuarantinePolicyType -eq 'GlobalQuarantineTag') { $result = @{ - CustomDisclaimer = $QuarantinePolicy.CustomDisclaimer - EndUserSpamNotificationFrequency = $QuarantinePolicy.EndUserSpamNotificationFrequency - EndUserSpamNotificationFrequencyInDays = $QuarantinePolicy.EndUserSpamNotificationFrequencyInDays - EndUserSpamNotificationCustomFromAddress = $QuarantinePolicy.EndUserSpamNotificationCustomFromAddress - MultiLanguageCustomDisclaimer = $QuarantinePolicy.MultiLanguageCustomDisclaimer - EsnCustomSubject = $QuarantinePolicy.EsnCustomSubject - MultiLanguageSenderName = $QuarantinePolicy.MultiLanguageSenderName - MultiLanguageSetting = $QuarantinePolicy.MultiLanguageSetting - OrganizationBrandingEnabled = $QuarantinePolicy.OrganizationBrandingEnabled - QuarantinePolicyType = $QuarantinePolicy.QuarantinePolicyType - Identity = $Identity - Credential = $Credential - Ensure = 'Present' - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens + CustomDisclaimer = $QuarantinePolicy.CustomDisclaimer + EndUserSpamNotificationFrequency = $QuarantinePolicy.EndUserSpamNotificationFrequency + EndUserSpamNotificationFrequencyInDays = $QuarantinePolicy.EndUserSpamNotificationFrequencyInDays + EndUserSpamNotificationCustomFromAddress = $QuarantinePolicy.EndUserSpamNotificationCustomFromAddress + MultiLanguageCustomDisclaimer = $QuarantinePolicy.MultiLanguageCustomDisclaimer + EsnCustomSubject = $QuarantinePolicy.EsnCustomSubject + MultiLanguageSenderName = $QuarantinePolicy.MultiLanguageSenderName + MultiLanguageSetting = $QuarantinePolicy.MultiLanguageSetting + OrganizationBrandingEnabled = $QuarantinePolicy.OrganizationBrandingEnabled + QuarantinePolicyType = $QuarantinePolicy.QuarantinePolicyType + Identity = $Identity + Credential = $Credential + Ensure = 'Present' + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } } else { $EndUserQuarantinePermissionsValueDecimal = 0 if ($QuarantinePolicy.EndUserQuarantinePermissions) + { + # Convert string output of EndUserQuarantinePermissions to binary value and then to decimal value + # needed for EndUserQuarantinePermissionsValue attribute of New-/Set-QuarantinePolicy cmdlet. + # This parameter uses a decimal value that's converted from a binary value. + # The binary value corresponds to the list of available permissions in a specific order. + # For each permission, the value 1 equals True and the value 0 equals False. + + $EndUserQuarantinePermissionsBinary = '' + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToViewHeader: True')) + { + $PermissionToViewHeader = '1' + } + else + { + $PermissionToViewHeader = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDownload: True')) + { + $PermissionToDownload = '1' + } + else + { + $PermissionToDownload = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToAllowSender: True')) + { + $PermissionToAllowSender = '1' + } + else + { + $PermissionToAllowSender = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToBlockSender: True')) + { + $PermissionToBlockSender = '1' + } + else + { + $PermissionToBlockSender = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRequestRelease: True')) + { + $PermissionToRequestRelease = '1' + } + else + { + $PermissionToRequestRelease = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRelease: True')) + { + $PermissionToRelease = '1' + } + else + { + $PermissionToRelease = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToPreview: True')) + { + $PermissionToPreview = '1' + } + else { - # Convert string output of EndUserQuarantinePermissions to binary value and then to decimal value - # needed for EndUserQuarantinePermissionsValue attribute of New-/Set-QuarantinePolicy cmdlet. - # This parameter uses a decimal value that's converted from a binary value. - # The binary value corresponds to the list of available permissions in a specific order. - # For each permission, the value 1 equals True and the value 0 equals False. - - $EndUserQuarantinePermissionsBinary = '' - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToViewHeader: True')) - { - $PermissionToViewHeader = '1' - } - else - { - $PermissionToViewHeader = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDownload: True')) - { - $PermissionToDownload = '1' - } - else - { - $PermissionToDownload = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToAllowSender: True')) - { - $PermissionToAllowSender = '1' - } - else - { - $PermissionToAllowSender = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToBlockSender: True')) - { - $PermissionToBlockSender = '1' - } - else - { - $PermissionToBlockSender = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRequestRelease: True')) - { - $PermissionToRequestRelease = '1' - } - else - { - $PermissionToRequestRelease = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRelease: True')) - { - $PermissionToRelease = '1' - } - else - { - $PermissionToRelease = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToPreview: True')) - { - $PermissionToPreview = '1' - } - else - { - $PermissionToPreview = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDelete: True')) - { - $PermissionToDelete = '1' - } - else - { - $PermissionToDelete = '0' - } - # Concat values to binary value - $EndUserQuarantinePermissionsBinary = [System.String]::Concat($PermissionToViewHeader, $PermissionToDownload, $PermissionToAllowSender, $PermissionToBlockSender, $PermissionToRequestRelease, $PermissionToRelease, $PermissionToPreview, $PermissionToDelete) - - # Convert to Decimal value - [int]$EndUserQuarantinePermissionsValueDecimal = [System.Convert]::ToByte($EndUserQuarantinePermissionsBinary, 2) + $PermissionToPreview = '0' } - $result = @{ - Identity = $Identity - EndUserQuarantinePermissionsValue = $EndUserQuarantinePermissionsValueDecimal - ESNEnabled = $QuarantinePolicy.ESNEnabled - MultiLanguageCustomDisclaimer = $QuarantinePolicy.MultiLanguageCustomDisclaimer - MultiLanguageSenderName = $QuarantinePolicy.MultiLanguageSenderName - MultiLanguageSetting = $QuarantinePolicy.MultiLanguageSetting - OrganizationBrandingEnabled = $QuarantinePolicy.OrganizationBrandingEnabled - Credential = $Credential - Ensure = 'Present' - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDelete: True')) + { + $PermissionToDelete = '1' + } + else + { + $PermissionToDelete = '0' } + # Concat values to binary value + $EndUserQuarantinePermissionsBinary = [System.String]::Concat($PermissionToViewHeader, $PermissionToDownload, $PermissionToAllowSender, $PermissionToBlockSender, $PermissionToRequestRelease, $PermissionToRelease, $PermissionToPreview, $PermissionToDelete) + + # Convert to Decimal value + [int]$EndUserQuarantinePermissionsValueDecimal = [System.Convert]::ToByte($EndUserQuarantinePermissionsBinary, 2) + } + $result = @{ + Identity = $Identity + EndUserQuarantinePermissionsValue = $EndUserQuarantinePermissionsValueDecimal + ESNEnabled = $QuarantinePolicy.ESNEnabled + MultiLanguageCustomDisclaimer = $QuarantinePolicy.MultiLanguageCustomDisclaimer + MultiLanguageSenderName = $QuarantinePolicy.MultiLanguageSenderName + MultiLanguageSetting = $QuarantinePolicy.MultiLanguageSetting + OrganizationBrandingEnabled = $QuarantinePolicy.OrganizationBrandingEnabled + Credential = $Credential + Ensure = 'Present' + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens + } } Write-Verbose -Message "Found QuarantinePolicy $($Identity)" Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -423,7 +423,8 @@ function Set-TargetResource elseif (('Present' -eq $Ensure ) -and ($Null -ne $QuarantinePolicy)) { Write-Verbose -Message "Setting QuarantinePolicy $($Identity) with values: $(Convert-M365DscHashtableToString -Hashtable $QuarantinePolicyParams)" - if ($QuarantinePolicyType -eq 'GlobalQuarantineTag') { + if ($QuarantinePolicyType -eq 'GlobalQuarantineTag') + { $QuarantinePolicyParams.Remove('Identity') | Out-Null Get-QuarantinePolicy -QuarantinePolicyType GlobalQuarantinePolicy | Set-QuarantinePolicy @QuarantinePolicyParams } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 index 7a87ce811f..e589117126 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 @@ -456,7 +456,7 @@ function Export-TargetResource } $IdentityValue = $recipientPermission.Identity - if ([System.Guid]::TryParse($IdentityValue,[System.Management.Automation.PSReference]$ObjectGuid)) + if ([System.Guid]::TryParse($IdentityValue, [System.Management.Automation.PSReference]$ObjectGuid)) { $user = Get-User -Identity $IdentityValue $IdentityValue = $user.UserPrincipalName diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 index fc70da66fa..ecdfa2dbde 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 @@ -143,7 +143,7 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of ReportSubmissionPolicy" + Write-Verbose -Message 'Getting configuration of ReportSubmissionPolicy' if ($Global:CurrentModeIsExport) { $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` @@ -178,49 +178,49 @@ function Get-TargetResource if ($null -eq $ReportSubmissionPolicy) { - Write-Verbose -Message "ReportSubmissionPolicy does not exist." + Write-Verbose -Message 'ReportSubmissionPolicy does not exist.' return $nullReturn } else { $result = @{ - IsSingleInstance = 'Yes' - DisableQuarantineReportingOption = $ReportSubmissionPolicy.DisableQuarantineReportingOption - EnableCustomNotificationSender = $ReportSubmissionPolicy.EnableCustomNotificationSender - EnableOrganizationBranding = $ReportSubmissionPolicy.EnableOrganizationBranding - EnableReportToMicrosoft = $ReportSubmissionPolicy.EnableReportToMicrosoft - EnableThirdPartyAddress = $ReportSubmissionPolicy.EnableThirdPartyAddress - EnableUserEmailNotification = $ReportSubmissionPolicy.EnableUserEmailNotification - JunkReviewResultMessage = $ReportSubmissionPolicy.JunkReviewResultMessage - NotJunkReviewResultMessage = $ReportSubmissionPolicy.NotJunkReviewResultMessage - NotificationFooterMessage = $ReportSubmissionPolicy.NotificationFooterMessage - NotificationSenderAddress = $ReportSubmissionPolicy.NotificationSenderAddress - PhishingReviewResultMessage = $ReportSubmissionPolicy.PhishingReviewResultMessage - PostSubmitMessage = $ReportSubmissionPolicy.PostSubmitMessage - PostSubmitMessageEnabled = $ReportSubmissionPolicy.PostSubmitMessageEnabled - PostSubmitMessageTitle = $ReportSubmissionPolicy.PostSubmitMessageTitle - PreSubmitMessage = $ReportSubmissionPolicy.PreSubmitMessage - PreSubmitMessageEnabled = $ReportSubmissionPolicy.PreSubmitMessageEnabled - PreSubmitMessageTitle = $ReportSubmissionPolicy.PreSubmitMessageTitle - ReportJunkAddresses = $ReportSubmissionPolicy.ReportJunkAddresses - ReportJunkToCustomizedAddress = $ReportSubmissionPolicy.ReportJunkToCustomizedAddress - ReportNotJunkAddresses = $ReportSubmissionPolicy.ReportNotJunkAddresses - ReportNotJunkToCustomizedAddress = $ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress - ReportPhishAddresses = $ReportSubmissionPolicy.ReportPhishAddresses - ReportPhishToCustomizedAddress = $ReportSubmissionPolicy.ReportPhishToCustomizedAddress - ThirdPartyReportAddresses = $ReportSubmissionPolicy.ThirdPartyReportAddresses - Credential = $Credential - Ensure = 'Present' - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens + IsSingleInstance = 'Yes' + DisableQuarantineReportingOption = $ReportSubmissionPolicy.DisableQuarantineReportingOption + EnableCustomNotificationSender = $ReportSubmissionPolicy.EnableCustomNotificationSender + EnableOrganizationBranding = $ReportSubmissionPolicy.EnableOrganizationBranding + EnableReportToMicrosoft = $ReportSubmissionPolicy.EnableReportToMicrosoft + EnableThirdPartyAddress = $ReportSubmissionPolicy.EnableThirdPartyAddress + EnableUserEmailNotification = $ReportSubmissionPolicy.EnableUserEmailNotification + JunkReviewResultMessage = $ReportSubmissionPolicy.JunkReviewResultMessage + NotJunkReviewResultMessage = $ReportSubmissionPolicy.NotJunkReviewResultMessage + NotificationFooterMessage = $ReportSubmissionPolicy.NotificationFooterMessage + NotificationSenderAddress = $ReportSubmissionPolicy.NotificationSenderAddress + PhishingReviewResultMessage = $ReportSubmissionPolicy.PhishingReviewResultMessage + PostSubmitMessage = $ReportSubmissionPolicy.PostSubmitMessage + PostSubmitMessageEnabled = $ReportSubmissionPolicy.PostSubmitMessageEnabled + PostSubmitMessageTitle = $ReportSubmissionPolicy.PostSubmitMessageTitle + PreSubmitMessage = $ReportSubmissionPolicy.PreSubmitMessage + PreSubmitMessageEnabled = $ReportSubmissionPolicy.PreSubmitMessageEnabled + PreSubmitMessageTitle = $ReportSubmissionPolicy.PreSubmitMessageTitle + ReportJunkAddresses = $ReportSubmissionPolicy.ReportJunkAddresses + ReportJunkToCustomizedAddress = $ReportSubmissionPolicy.ReportJunkToCustomizedAddress + ReportNotJunkAddresses = $ReportSubmissionPolicy.ReportNotJunkAddresses + ReportNotJunkToCustomizedAddress = $ReportSubmissionPolicy.ReportNotJunkToCustomizedAddress + ReportPhishAddresses = $ReportSubmissionPolicy.ReportPhishAddresses + ReportPhishToCustomizedAddress = $ReportSubmissionPolicy.ReportPhishToCustomizedAddress + ThirdPartyReportAddresses = $ReportSubmissionPolicy.ThirdPartyReportAddresses + Credential = $Credential + Ensure = 'Present' + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } - Write-Verbose -Message "Found ReportSubmissionPolicy" + Write-Verbose -Message 'Found ReportSubmissionPolicy' Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" return $result } @@ -392,7 +392,7 @@ function Set-TargetResource -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Setting configuration of ReportSubmissionPolicy" + Write-Verbose -Message 'Setting configuration of ReportSubmissionPolicy' $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters @@ -414,7 +414,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentReportSubmissionPolicy.Ensure -eq 'Absent') { - Write-Verbose -Message "Creating ReportSubmissionPolicy" + Write-Verbose -Message 'Creating ReportSubmissionPolicy' New-ReportSubmissionPolicy Set-ReportSubmissionPolicy @ReportSubmissionPolicyParams -Confirm:$false @@ -426,8 +426,8 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentReportSubmissionPolicy.Ensure -eq 'Present') { - Write-Verbose -Message "Removing ReportSubmissionPolicy" - Remove-ReportSubmissionPolicy -Identity "DefaultReportSubmissionPolicy" + Write-Verbose -Message 'Removing ReportSubmissionPolicy' + Remove-ReportSubmissionPolicy -Identity 'DefaultReportSubmissionPolicy' } } @@ -587,7 +587,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of ReportSubmissionPolicy" + Write-Verbose -Message 'Testing configuration of ReportSubmissionPolicy' $CurrentValues = Get-TargetResource @PSBoundParameters @@ -673,7 +673,7 @@ function Export-TargetResource } $dscContent = '' - Write-Host " |---Export Default ReportSubmissionPolicy" -NoNewline + Write-Host ' |---Export Default ReportSubmissionPolicy' -NoNewline if ($null -ne $Global:M365DSCExportResourceInstancesCount) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 index cb3069e680..3271fc0229 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 @@ -59,7 +59,7 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of ReportSubmissionRule" + Write-Verbose -Message 'Getting configuration of ReportSubmissionRule' if ($Global:CurrentModeIsExport) { $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` @@ -94,28 +94,28 @@ function Get-TargetResource if ($null -eq $ReportSubmissionRule) { - Write-Verbose -Message "ReportSubmissionRule does not exist." + Write-Verbose -Message 'ReportSubmissionRule does not exist.' return $nullReturn } else { $result = @{ - IsSingleInstance = 'Yes' - Identity = $ReportSubmissionRule.Identity - Comments = $ReportSubmissionRule.Comments - SentTo = $ReportSubmissionRule.SentTo - Credential = $Credential - Ensure = 'Present' - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens + IsSingleInstance = 'Yes' + Identity = $ReportSubmissionRule.Identity + Comments = $ReportSubmissionRule.Comments + SentTo = $ReportSubmissionRule.SentTo + Credential = $Credential + Ensure = 'Present' + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } - Write-Verbose -Message "Found ReportSubmissionRule" + Write-Verbose -Message 'Found ReportSubmissionRule' Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" return $result } @@ -203,7 +203,7 @@ function Set-TargetResource -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Setting configuration of ReportSubmissionRule" + Write-Verbose -Message 'Setting configuration of ReportSubmissionRule' $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters @@ -224,7 +224,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentReportSubmissionRule.Ensure -eq 'Absent') { - Write-Verbose -Message "Creating ReportSubmissionRule" + Write-Verbose -Message 'Creating ReportSubmissionRule' $ReportSubmissionRuleParams.Add('Name', $Identity) | Out-Null $ReportSubmissionRuleParams.Remove('Identity') | Out-Null @@ -240,7 +240,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentReportSubmissionRule.Ensure -eq 'Present') { - Write-Verbose -Message "Removing ReportSubmissionRule" + Write-Verbose -Message 'Removing ReportSubmissionRule' Remove-ReportSubmissionRule -Identity $Identity -Confirm:$false } } @@ -317,7 +317,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of ReportSubmissionRule" + Write-Verbose -Message 'Testing configuration of ReportSubmissionRule' $CurrentValues = Get-TargetResource @PSBoundParameters @@ -404,7 +404,7 @@ function Export-TargetResource } $dscContent = '' - Write-Host " |---Export ReportSubmissionRule" -NoNewline + Write-Host ' |---Export ReportSubmissionRule' -NoNewline if ($null -ne $Global:M365DSCExportResourceInstancesCount) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.psm1 index fbd6d16c3a..e167ce3330 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.psm1 @@ -1,414 +1,414 @@ -function Get-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param - ( - [Parameter(Mandatory = $true)] - [System.String] - $Identity, - - [Parameter()] - [System.Boolean] - $IsDefault, - - [Parameter()] - [System.Boolean] - $IsDefaultArbitrationMailbox, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Guid] - $RetentionId, - - [Parameter()] - [System.String[]] - $RetentionPolicyTagLinks, - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $IsDefault, + + [Parameter()] + [System.Boolean] + $IsDefaultArbitrationMailbox, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Guid] + $RetentionId, + + [Parameter()] + [System.String[]] + $RetentionPolicyTagLinks, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present', - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters | Out-Null - - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand + -InboundParameters $PSBoundParameters | Out-Null + + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - try - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} - } - else - { - $instance = Get-RetentionPolicy -Identity $Identity -ErrorAction Stop - } - if ($null -eq $instance) - { - return $nullResult - } - - $results = @{ - Ensure = 'Present' - Identity = [System.String]$instance.Identity - IsDefault = [System.Boolean]$instance.IsDefault - IsDefaultArbitrationMailbox = [System.Boolean]$instance.IsDefaultArbitrationMailbox - Name = [System.String]$instance.Name - RetentionId = [System.Guid]$instance.RetentionId - RetentionPolicyTagLinks = [System.String[]]$instance.RetentionPolicyTagLinks - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - return [System.Collections.Hashtable] $results - } - catch - { + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } + } + else + { + $instance = Get-RetentionPolicy -Identity $Identity -ErrorAction Stop + } + if ($null -eq $instance) + { + return $nullResult + } + + $results = @{ + Ensure = 'Present' + Identity = [System.String]$instance.Identity + IsDefault = [System.Boolean]$instance.IsDefault + IsDefaultArbitrationMailbox = [System.Boolean]$instance.IsDefaultArbitrationMailbox + Name = [System.String]$instance.Name + RetentionId = [System.Guid]$instance.RetentionId + RetentionPolicyTagLinks = [System.String[]]$instance.RetentionPolicyTagLinks + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { New-M365DSCLogEntry -Message 'Error retrieving data:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` - -Credential $Credential - - return $nullResult - } -} - - -function Set-TargetResource -{ - [CmdletBinding()] - param - ( - [Parameter(Mandatory = $true)] - [System.String] - $Identity, - - [Parameter()] - [System.Boolean] - $IsDefault, - - [Parameter()] - [System.Boolean] - $IsDefaultArbitrationMailbox, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Guid] - $RetentionId, - - [Parameter()] - [System.String[]] - $RetentionPolicyTagLinks, + -Credential $Credential + + return $nullResult + } +} + + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $IsDefault, + + [Parameter()] + [System.Boolean] + $IsDefaultArbitrationMailbox, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Guid] + $RetentionId, + + [Parameter()] + [System.String[]] + $RetentionPolicyTagLinks, [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present', - - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand + + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $currentInstance = Get-TargetResource @PSBoundParameters - - $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - - # CREATE - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') - { - $setParameters.Remove("Identity") - New-RetentionPolicy @SetParameters - } - # UPDATE - elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') - { - Set-RetentionPolicy @SetParameters -Force - } - # REMOVE - elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') - { - Remove-RetentionPolicy -Identity $Identity -Force - } -} - - -function Test-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Boolean])] - param - ( - [Parameter(Mandatory = $true)] - [System.String] - $Identity, - - [Parameter()] - [System.Boolean] - $IsDefault, - - [Parameter()] - [System.Boolean] - $IsDefaultArbitrationMailbox, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Guid] - $RetentionId, - - [Parameter()] - [System.String[]] - $RetentionPolicyTagLinks, + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + $setParameters.Remove('Identity') + New-RetentionPolicy @SetParameters + } + # UPDATE + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Set-RetentionPolicy @SetParameters -Force + } + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Remove-RetentionPolicy -Identity $Identity -Force + } +} + + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $IsDefault, + + [Parameter()] + [System.Boolean] + $IsDefaultArbitrationMailbox, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Guid] + $RetentionId, + + [Parameter()] + [System.String[]] + $RetentionPolicyTagLinks, [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] $Ensure = 'Present', - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $CurrentValues = Get-TargetResource @PSBoundParameters - $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() - - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys - - Write-Verbose -Message "Test-TargetResource returned $testResult" - - return $testResult -} - -function Export-TargetResource -{ - [CmdletBinding()] - [OutputType([System.String])] - param - ( - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand + -InboundParameters $PSBoundParameters + + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - try - { - $Script:ExportMode = $true - [array] $Script:exportedInstances = Get-RetentionPolicy -ErrorAction Stop - - $i = 1 - $dscContent = '' - if ($Script:exportedInstances.Length -eq 0) - { - Write-Host $Global:M365DSCEmojiGreenCheckMark - } - else - { - Write-Host "`r`n" -NoNewline - } - foreach ($config in $Script:exportedInstances) - { - $displayedKey = $config.Identity - Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline - $params = @{ - Identity = $config.Identity - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - - $Results = Get-TargetResource @Params + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-RetentionPolicy -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Identity + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + $params = @{ + Identity = $config.Identity + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` - -Credential $Credential - $dscContent += $currentDSCBlock + -Credential $Credential + $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName - $i++ - Write-Host $Global:M365DSCEmojiGreenCheckMark - } - return $dscContent - } - catch - { - Write-Host $Global:M365DSCEmojiRedX - + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` - -Credential $Credential - - return '' - } -} + -Credential $Credential + + return '' + } +} Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.schema.mof index 06fc8d548a..48aa7b434d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/MSFT_EXORetentionPolicy.schema.mof @@ -1,19 +1,19 @@ -[ClassVersion("1.0.0.0"), FriendlyName("EXORetentionPolicy")] -class MSFT_EXORetentionPolicy : OMI_BaseResource -{ - [Key, Description("The Identity parameter specifies the name, distinguished name (DN), or GUID of the retention policy.")] String Identity; - [Write, Description("The IsDefault switch specifies that this retention policy is the default retention policy. You don't need to specify a value with this switch.")] Boolean IsDefault; - [Write, Description("The IsDefaultArbitrationMailbox switch configures this policy as the default retention policy for arbitration mailboxes in your Exchange Online organization. You don't need to specify a value with this switch.")] Boolean IsDefaultArbitrationMailbox; - [Write, Description("The Name parameter specifies a unique name for the retention policy.")] String Name; - [Write, Description("The RetentionId parameter specifies the identity of the retention policy to make sure mailboxes moved between two Exchange organizations continue to have the same retention policy applied to them.")] String RetentionId; - [Write, Description("The RetentionPolicyTagLinks parameter specifies the identity of retention policy tags to associate with the retention policy. Mailboxes that get a retention policy applied have retention tags linked with that retention policy.")] String RetentionPolicyTagLinks[]; - +[ClassVersion("1.0.0.0"), FriendlyName("EXORetentionPolicy")] +class MSFT_EXORetentionPolicy : OMI_BaseResource +{ + [Key, Description("The Identity parameter specifies the name, distinguished name (DN), or GUID of the retention policy.")] String Identity; + [Write, Description("The IsDefault switch specifies that this retention policy is the default retention policy. You don't need to specify a value with this switch.")] Boolean IsDefault; + [Write, Description("The IsDefaultArbitrationMailbox switch configures this policy as the default retention policy for arbitration mailboxes in your Exchange Online organization. You don't need to specify a value with this switch.")] Boolean IsDefaultArbitrationMailbox; + [Write, Description("The Name parameter specifies a unique name for the retention policy.")] String Name; + [Write, Description("The RetentionId parameter specifies the identity of the retention policy to make sure mailboxes moved between two Exchange organizations continue to have the same retention policy applied to them.")] String RetentionId; + [Write, Description("The RetentionPolicyTagLinks parameter specifies the identity of retention policy tags to associate with the retention policy. Mailboxes that get a retention policy applied have retention tags linked with that retention policy.")] String RetentionPolicyTagLinks[]; + [Write, Description("Specifies if this report submission rule should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; - [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; - [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; - [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; - [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; - [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; - [Write, Description("Access token used for authentication.")] String AccessTokens[]; -}; + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/readme.md index 08cbda5846..fe5ff622e7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/readme.md @@ -1,5 +1,5 @@ -# EXORetentionPolicy - -## Description - -Use the New-RetentionPolicy cmdlet to create a retention policy and the Set-RetentionPolicy cmdlet to change the properties of an existing retention policy. +# EXORetentionPolicy + +## Description + +Use the New-RetentionPolicy cmdlet to create a retention policy and the Set-RetentionPolicy cmdlet to change the properties of an existing retention policy. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/settings.json index d805a5b797..4453cb593f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORetentionPolicy/settings.json @@ -26,8 +26,8 @@ "Recipient Management" ], "requiredrolegroups": [ - "Organization Management", - "Help Desk" + "Organization Management", + "Help Desk" ] } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 index ddaf63e526..040ebe5990 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 @@ -82,7 +82,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $RoleGroup = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $RoleGroup = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } else { @@ -229,7 +229,7 @@ function Set-TargetResource # Create Role Group if ($Members.Length -gt 0) { - $NewRoleGroupParams.Add("Members", $Members) + $NewRoleGroupParams.Add('Members', $Members) } New-RoleGroup @NewRoleGroupParams } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeAttachmentPolicy/MSFT_EXOSafeAttachmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeAttachmentPolicy/MSFT_EXOSafeAttachmentPolicy.psm1 index 96a586a511..13c8b963a0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeAttachmentPolicy/MSFT_EXOSafeAttachmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeAttachmentPolicy/MSFT_EXOSafeAttachmentPolicy.psm1 @@ -264,8 +264,9 @@ function Set-TargetResource $StopProcessingPolicy = $false if ($Redirect -eq $true) { - if ($ActionOnError -eq $true){ - Write-Verbose -Message "The ActionOnError parameter is deprecated" + if ($ActionOnError -eq $true) + { + Write-Verbose -Message 'The ActionOnError parameter is deprecated' $SafeAttachmentPolicyParams.Remove('ActionOnError') | Out-Null } $Message = 'Cannot proceed with processing of SafeAttachmentPolicy because Redirect is set to true ' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.psm1 index ae02e155d1..59fce47512 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.psm1 @@ -150,31 +150,31 @@ function Get-TargetResource else { $result = @{ - Identity = $SafeLinksPolicy.Identity - AdminDisplayName = $SafeLinksPolicy.AdminDisplayName - AllowClickThrough = $SafeLinksPolicy.AllowClickThrough - CustomNotificationText = $SafeLinksPolicy.CustomNotificationText - DeliverMessageAfterScan = $SafeLinksPolicy.DeliverMessageAfterScan - DoNotRewriteUrls = $SafeLinksPolicy.DoNotRewriteUrls - EnableForInternalSenders = $SafeLinksPolicy.EnableForInternalSenders - EnableOrganizationBranding = $SafeLinksPolicy.EnableOrganizationBranding - EnableSafeLinksForTeams = $SafeLinksPolicy.EnableSafeLinksForTeams - EnableSafeLinksForEmail = $SafeLinksPolicy.EnableSafeLinksForEmail - EnableSafeLinksForOffice = $SafeLinksPolicy.EnableSafeLinksForOffice - DisableUrlRewrite = $SafeLinksPolicy.DisableUrlRewrite - ScanUrls = $SafeLinksPolicy.ScanUrls - TrackClicks = $SafeLinksPolicy.TrackClicks + Identity = $SafeLinksPolicy.Identity + AdminDisplayName = $SafeLinksPolicy.AdminDisplayName + AllowClickThrough = $SafeLinksPolicy.AllowClickThrough + CustomNotificationText = $SafeLinksPolicy.CustomNotificationText + DeliverMessageAfterScan = $SafeLinksPolicy.DeliverMessageAfterScan + DoNotRewriteUrls = $SafeLinksPolicy.DoNotRewriteUrls + EnableForInternalSenders = $SafeLinksPolicy.EnableForInternalSenders + EnableOrganizationBranding = $SafeLinksPolicy.EnableOrganizationBranding + EnableSafeLinksForTeams = $SafeLinksPolicy.EnableSafeLinksForTeams + EnableSafeLinksForEmail = $SafeLinksPolicy.EnableSafeLinksForEmail + EnableSafeLinksForOffice = $SafeLinksPolicy.EnableSafeLinksForOffice + DisableUrlRewrite = $SafeLinksPolicy.DisableUrlRewrite + ScanUrls = $SafeLinksPolicy.ScanUrls + TrackClicks = $SafeLinksPolicy.TrackClicks # The Get-SafeLinksPolicy no longer returns this property # UseTranslatedNotificationText = $SafeLinksPolicy.UseTranslatedNotificationText - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } Write-Verbose -Message "Found SafeLinksPolicy $($Identity)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/MSFT_EXOSecOpsOverrideRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/MSFT_EXOSecOpsOverrideRule.psm1 index a804064c90..4d9292d96b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/MSFT_EXOSecOpsOverrideRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSecOpsOverrideRule/MSFT_EXOSecOpsOverrideRule.psm1 @@ -67,7 +67,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } else { @@ -171,14 +171,14 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { $ruleIdentity = $setParameters['Identity'] - $setParameters.Add("Name", $ruleIdentity) - $setParameters.Remove("Identity") + $setParameters.Add('Name', $ruleIdentity) + $setParameters.Remove('Identity') New-EXOSecOpsOverrideRule @SetParameters } # UPDATE elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - $setParameters.Remove("Policy") + $setParameters.Remove('Policy') Set-EXOSecOpsOverrideRule @SetParameters } # REMOVE diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOServicePrincipal/MSFT_EXOServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOServicePrincipal/MSFT_EXOServicePrincipal.psm1 index da092793e8..d888c04fd0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOServicePrincipal/MSFT_EXOServicePrincipal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOServicePrincipal/MSFT_EXOServicePrincipal.psm1 @@ -78,7 +78,7 @@ function Get-TargetResource if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.AppId -eq $servicePrincipal.AppId} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.AppId -eq $servicePrincipal.AppId } } else { @@ -94,7 +94,6 @@ function Get-TargetResource AppName = $servicePrincipal.AppDisplayName DisplayName = $instance.DisplayName AppId = $instance.AppId - ObjectId = $instance.ObjectId Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -194,8 +193,7 @@ function Set-TargetResource # UPDATE elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - $setParameters.Remove("AppId") - $setParameters.Remove("ObjectId") + $setParameters.Remove('AppId') Set-ServicePrincipal -DisplayName $DisplayName -Identity $servicePrincipal.Id } # REMOVE @@ -354,6 +352,11 @@ function Export-TargetResource } foreach ($config in $Script:exportedInstances) { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $servicePrincipal = Get-MgServicePrincipal -ServicePrincipalId $config.Identity $displayedKey = $servicePrincipal.AppDisplayName diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 index 1047ca25c3..54ee8e009f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 @@ -98,7 +98,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $mailbox = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $mailbox = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } else { @@ -113,7 +113,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $mailbox = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $mailbox = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 index 071e688af6..6082212593 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 @@ -95,7 +95,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } else { @@ -109,13 +109,13 @@ function Get-TargetResource $results = @{ Name = $instance.Name Provider = $instance.Provider - DestinationFolder = $instance.MailboxOwnerId + ":\" + $instance.DestinationFolder + DestinationFolder = $instance.MailboxOwnerId + ':\' + $instance.DestinationFolder Enabled = [Boolean]$instance.Enabled KeepForDays = $instance.KeepForDays KeepLatest = $instance.KeepLatest Mailbox = $instance.MailboxOwnerId SenderName = $instance.Sender.Split('"')[1] - SourceFolder = $instance.MailboxOwnerId + ":\" + $instance.SourceFolder + SourceFolder = $instance.MailboxOwnerId + ':\' + $instance.SourceFolder SystemCategory = $instance.SystemCategory Ensure = 'Present' Credential = $Credential @@ -234,22 +234,22 @@ function Set-TargetResource # CREATE if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "Creating new Sweep Rule." + Write-Verbose -Message 'Creating new Sweep Rule.' New-SweepRule @SetParameters } # UPDATE elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Updating existing Sweep Rule." - $instance = Get-SweepRule -Mailbox $Mailbox | Where-Object -FilterScript {$_.Name -eq $Name} + Write-Verbose -Message 'Updating existing Sweep Rule.' + $instance = Get-SweepRule -Mailbox $Mailbox | Where-Object -FilterScript { $_.Name -eq $Name } $SetParameters.Add('Identity', $instance.RuleId) Set-SweepRule @SetParameters } # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing existing Sweep Rule." - $instance = Get-SweepRule -Mailbox $Mailbox | Where-Object -FilterScript {$_.Name -eq $Name} + Write-Verbose -Message 'Removing existing Sweep Rule.' + $instance = Get-SweepRule -Mailbox $Mailbox | Where-Object -FilterScript { $_.Name -eq $Name } Remove-SweepRule -Identity $instance.RuleId -Mailbox $Mailbox } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/MSFT_EXOTeamsProtectionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/MSFT_EXOTeamsProtectionPolicy.psm1 new file mode 100644 index 0000000000..02b6d344dc --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/MSFT_EXOTeamsProtectionPolicy.psm1 @@ -0,0 +1,428 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [ValidateSet('AdminOnlyAccessPolicy', 'DefaultFullAccessPolicy', 'DefaultFullAccessWithNotificationPolicy')] + [System.String] + $HighConfidencePhishQuarantineTag, + + [Parameter()] + [ValidateSet('AdminOnlyAccessPolicy', 'DefaultFullAccessPolicy', 'DefaultFullAccessWithNotificationPolicy')] + [System.String] + $MalwareQuarantineTag, + + [Parameter()] + [System.Boolean] + $ZapEnabled, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + Write-Verbose -Message "Getting configuration of Teams Protection Policy" + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = @{ + IsSingleInstance = 'Yes' + AdminDisplayName = $null + HighConfidencePhishQuarantineTag = $null + MalwareQuarantineTag = $null + ZapEnabled = $null + } + + try + { + $ProtectionPolicy = Get-TeamsProtectionPolicy + + if ($null -eq $ProtectionPolicy) + { + Write-Verbose -Message "Teams Protection Policy does not exist." + return $nullReturn + } + else + { + $result = @{ + IsSingleInstance = 'Yes' + AdminDisplayName = $ProtectionPolicy.AdminDisplayName + HighConfidencePhishQuarantineTag = $ProtectionPolicy.HighConfidencePhishQuarantineTag + MalwareQuarantineTag = $ProtectionPolicy.MalwareQuarantineTag + ZapEnabled = $ProtectionPolicy.ZapEnabled + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens + } + + Write-Verbose -Message "Found ProtectionPolicy" + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result + } + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullReturn + } +} +function Set-TargetResource +{ + [CmdletBinding()] + + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [ValidateSet('AdminOnlyAccessPolicy', 'DefaultFullAccessPolicy', 'DefaultFullAccessWithNotificationPolicy')] + [System.String] + $HighConfidencePhishQuarantineTag, + + [Parameter()] + [ValidateSet('AdminOnlyAccessPolicy', 'DefaultFullAccessPolicy', 'DefaultFullAccessWithNotificationPolicy')] + [System.String] + $MalwareQuarantineTag, + + [Parameter()] + [System.Boolean] + $ZapEnabled, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + Write-Verbose -Message "Setting configuration of Teams Protection Policy" + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + $currentValues = Get-TargetResource @PSBoundParameters + + if ($null -eq $currentValues.AdminDisplayName -and ` + $null -eq $currentValues.HighConfidencePhishQuarantineTag -and ` + $null -eq $currentValues.MalwareQuarantineTag -and ` + $null -eq $currentValues.ZapEnabled) + { + Write-Verbose -Message 'Teams Protection Policy does not exist, creating new policy' + New-TeamsProtectionPolicy -Name 'Teams Protection Policy' + } + + $params = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $params.Add('Identity', 'Teams Protection Policy') + $params.Remove('IsSingleInstance') + + Set-TeamsProtectionPolicy @params +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [ValidateSet('AdminOnlyAccessPolicy', 'DefaultFullAccessPolicy', 'DefaultFullAccessWithNotificationPolicy')] + [System.String] + $HighConfidencePhishQuarantineTag, + + [Parameter()] + [ValidateSet('AdminOnlyAccessPolicy', 'DefaultFullAccessPolicy', 'DefaultFullAccessWithNotificationPolicy')] + [System.String] + $MalwareQuarantineTag, + + [Parameter()] + [System.Boolean] + $ZapEnabled, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message 'Testing configuration of Teams Protection Policy' + + $CurrentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $ValuesToCheck = $PSBoundParameters + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $($TestResult)" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $dscContent = '' + + [array]$teamsProtectionPolicy = Get-TeamsProtectionPolicy + if ($null -ne $teamsProtectionPolicy) + { + $Params = @{ + IsSingleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + } + + Write-Host $Global:M365DSCEmojiGreenCheckMark + + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} +Export-ModuleMember -Function *-TargetResource + diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/MSFT_EXOTeamsProtectionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/MSFT_EXOTeamsProtectionPolicy.schema.mof new file mode 100644 index 0000000000..c6c4d1c24f --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/MSFT_EXOTeamsProtectionPolicy.schema.mof @@ -0,0 +1,18 @@ + +[ClassVersion("1.0.0.0"), FriendlyName("EXOTeamsProtectionPolicy")] +class MSFT_EXOTeamsProtectionPolicy : OMI_BaseResource +{ + [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("The AdminDisplayName parameter specifies a description for the policy.")] String AdminDisplayName; + [Write, Description("The HighConfidencePhishQuarantineTag parameter specifies the quarantine policy that's used for messages that are quarantined as high confidence phishing by ZAP for Teams."), ValueMap{"AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"}, Values{"AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"}] String HighConfidencePhishQuarantineTag; + [Write, Description("The MalwareQuarantineTag parameter specifies the quarantine policy that's used for messages that are quarantined as malware by ZAP for Teams."), ValueMap{"AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"}, Values{"AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"}] String MalwareQuarantineTag; + [Write, Description("The ZapEnabled parameter specifies whether to enable zero-hour auto purge (ZAP) for malware and high confidence phishing messages in Teams messages.")] Boolean ZapEnabled; + [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; + [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/readme.md new file mode 100644 index 0000000000..45288c36d0 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/readme.md @@ -0,0 +1,5 @@ +# EXOTeamsProtectionPolicy + +## Description + +Create or modify a TeamsProtectionPolicy in your cloud-based organization. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/settings.json new file mode 100644 index 0000000000..81528a1617 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTeamsProtectionPolicy/settings.json @@ -0,0 +1,34 @@ +{ + "resourceName": "EXOTeamsProtectionPolicy", + "description": "", + "roles": { + "read": [ + "Security Reader" + ], + "update": [ + "Security Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Compliance Management", + "Delegated Setup", + "Hygiene Management", + "Organization Management", + "View-Only Organization Management" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.psm1 index 01778e9c2b..63a5ea5248 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.psm1 @@ -266,7 +266,7 @@ function Set-TargetResource if ($currentInstance.SubmissionID -ne $SubmissionID) { - throw "SubmissionID can not be changed" + throw 'SubmissionID can not be changed' } $UpdateParameters = ([Hashtable]$BoundParameters).Clone() @@ -448,7 +448,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -465,7 +465,7 @@ function Export-TargetResource try { - $ListTypes = ("FileHash", "Sender", "Url"); + $ListTypes = ('FileHash', 'Sender', 'Url') [array]$getValues = @() @@ -474,8 +474,8 @@ function Export-TargetResource $listValues = Get-TenantAllowBlockListItems -ListType $ListType -ErrorAction Stop $listValues | ForEach-Object { $getValues += @{ - Action = $_.Action - Value = $_.Value + Action = $_.Action + Value = $_.Value ListType = $ListType } } @@ -505,15 +505,15 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValues.Count)] $displayedKey" -NoNewline $params = @{ - Action = $config.Action - ListType = $config.ListType - Value = $config.Value - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Action = $config.Action + ListType = $config.ListType + Value = $config.Value + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret + ApplicationSecret = $ApplicationSecret } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListSpoofItems/MSFT_EXOTenantAllowBlockListSpoofItems.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListSpoofItems/MSFT_EXOTenantAllowBlockListSpoofItems.psm1 index 80ff2e2ead..3334138476 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListSpoofItems/MSFT_EXOTenantAllowBlockListSpoofItems.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListSpoofItems/MSFT_EXOTenantAllowBlockListSpoofItems.psm1 @@ -77,11 +77,11 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Identity)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } } if ($null -eq $instance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.SpoofedUser -eq $SpoofedUser} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.SpoofedUser -eq $SpoofedUser } } } else @@ -92,7 +92,7 @@ function Get-TargetResource } if ($null -eq $instance) { - $instance = Get-TenantAllowBlockListSpoofItems | Where-Object -FilterScript {$_.SpoofedUser -eq $SpoofedUser} + $instance = Get-TenantAllowBlockListSpoofItems | Where-Object -FilterScript { $_.SpoofedUser -eq $SpoofedUser } } } if ($null -eq $instance) @@ -216,9 +216,9 @@ function Set-TargetResource { Write-Verbose -Message "Updating blocked spoofed item {$SpoofedUser}" $instanceParams = @{ - Action = $Action - Ids = @($currentInstance.Identity) - Identity = 'Default' + Action = $Action + Ids = @($currentInstance.Identity) + Identity = 'Default' } Set-TenantAllowBlockListSpoofItems @instanceParams } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 index 89055e9a3f..d2c511a0ef 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 @@ -784,7 +784,7 @@ function Get-TargetResource $MessageContainsDataClassificationsValue = $TransportRule.MessageContainsDataClassifications.Replace('"', "'") } - if ($TransportRule.State -eq "Enabled") + if ($TransportRule.State -eq 'Enabled') { $enabled = $true } @@ -1775,10 +1775,10 @@ function Set-TargetResource # check for deprecated DLP parameters and remove them if ($NewTransportRuleParams.ContainsKey('MessageContainsDataClassifications') ` - -or $NewTransportRuleParams.ContainsKey('ExceptIfMessageContainsDataClassifications') ` - -or $NewTransportRuleParams.ContainsKey('HasSenderOverride') ` - -or $NewTransportRuleParams.ContainsKey('ExceptIfHasSenderOverride') ` - -or $NewTransportRuleParams.ContainsKey('NotifySender')) + -or $NewTransportRuleParams.ContainsKey('ExceptIfMessageContainsDataClassifications') ` + -or $NewTransportRuleParams.ContainsKey('HasSenderOverride') ` + -or $NewTransportRuleParams.ContainsKey('ExceptIfHasSenderOverride') ` + -or $NewTransportRuleParams.ContainsKey('NotifySender')) { $NewTransportRuleParams.Remove('MessageContainsDataClassifications') | Out-Null $NewTransportRuleParams.Remove('ExceptIfMessageContainsDataClassifications') | Out-Null @@ -1786,7 +1786,7 @@ function Set-TargetResource $NewTransportRuleParams.Remove('ExceptIfHasSenderOverride') | Out-Null $NewTransportRuleParams.Remove('NotifySender') | Out-Null - Write-Verbose -Message "DEPRECATED - The DLP parameters (MessageContainsDataClassifications, ExceptIfMessageContainsDataClassifications, ExceptIfHasSenderOverride, HasSenderOverride and NotifySender) are deprecated and will be ignored." + Write-Verbose -Message 'DEPRECATED - The DLP parameters (MessageContainsDataClassifications, ExceptIfMessageContainsDataClassifications, ExceptIfHasSenderOverride, HasSenderOverride and NotifySender) are deprecated and will be ignored.' } $SetTransportRuleParams = $NewTransportRuleParams.Clone() @@ -1797,6 +1797,20 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentTransportRuleConfig.Ensure -eq 'Absent') { Write-Verbose -Message "Transport Rule '$($Name)' does not exist but it should. Create and configure it." + + $nullKeysToRemove = @() + foreach ($key in $NewTransportRuleParams.Keys) + { + if ($NewTransportRuleParams.$key.GetType().Name -eq 'String[]' -and $NewTransportRuleParams.$key.Length -eq 0) + { + $nullKeysToRemove += $key + } + } + foreach ($paramToRemove in $nullKeysToRemove) + { + $NewTransportRuleParams.Remove($paramToRemove) | Out-Null + } + # Create Transport Rule New-TransportRule @NewTransportRuleParams @@ -1809,7 +1823,34 @@ function Set-TargetResource } # CASE: Transport Rule exists and it should, but has different values than the desired ones elseif ($Ensure -eq 'Present' -and $currentTransportRuleConfig.Ensure -eq 'Present') - { + { + if ($null -ne $HeaderContainsMessageHeader -and $null -eq $currentTransportRuleConfig.HeaderContainsMessageHeader) + { + $SetTransportRuleParams.Add("HeaderContainsMessageHeader",$null) + } + if ($null -ne $HeaderMatchesPatterns -and $null -eq $currentTransportRuleConfig.HeaderMatchesMessageHeader) + { + $SetTransportRuleParams.Add("HeaderMatchesMessageHeader",$null) + } + if ($null -ne $ExceptIfHeaderContainsWords -and $null -eq $currentTransportRuleConfig.ExceptIfHeaderContainsMessageHeader) + { + $SetTransportRuleParams.Add("ExceptIfHeaderContainsMessageHeader",$null) + } + if ($null -ne $ExceptIfHeaderMatchesPatterns -and $null -eq $currentTransportRuleConfig.ExceptIfHeaderMatchesMessageHeader) + { + $SetTransportRuleParams.Add("ExceptIfHeaderMatchesMessageHeader",$null) + } + if ($null -ne $ApplyOME) + { + Write-Warning -Message "ApplyOME is deprecated. Use ApplyRightsProtectionTemplate instead." + $SetTransportRuleParams.Remove("ApplyOME") | Out-Null + } + if ($null -ne $RemoveOME) + { + Write-Warning -Message "RemoveOME is deprecated. Use RemoveOMEv2 instead." + $SetTransportRuleParams.Remove("RemoveOME") | Out-Null + } + Write-Verbose -Message "Transport Rule '$($Name)' already exists, but needs updating." Write-Verbose -Message "Setting Transport Rule $($Name) with values: $(Convert-M365DscHashtableToString -Hashtable $SetTransportRuleParams)" Set-TransportRule @SetTransportRuleParams diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/settings.json index 128a6b536d..c0378af3cc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/settings.json @@ -8,7 +8,7 @@ "update": [ "Exchange Administrator" ] - }, + }, "permissions": { "graph": { "delegated": { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 index 52a0e3bea4..c8230fed2e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 @@ -574,7 +574,7 @@ function Get-TargetResource } else { - $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + "/v1/admin/tenantsettings" + $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + '/v1/admin/tenantsettings' $instance = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET' } if ($null -eq $instance) @@ -584,136 +584,136 @@ function Get-TargetResource $results = @{ IsSingleInstance = 'Yes' - AADSSOForGateway = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AADSSOForGateway'}) - AdminApisIncludeDetailedMetadata = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AdminApisIncludeDetailedMetadata'}) - AdminApisIncludeExpressions = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AdminApisIncludeExpressions'}) - AdminCustomDisclaimer = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AdminCustomDisclaimer'}) - AISkillArtifactTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AISkillArtifactTenantSwitch'}) - AllowAccessOverPrivateLinks = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowAccessOverPrivateLinks'}) - AllowCVAuthenticationTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowCVAuthenticationTenant'}) - AllowCVLocalStorageV2Tenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowCVLocalStorageV2Tenant'}) - AllowCVToExportDataToFileTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowCVToExportDataToFileTenant'}) - AllowEndorsementMasterDataSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowEndorsementMasterDataSwitch'}) - AllowExternalDataSharingReceiverSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowExternalDataSharingReceiverSwitch'}) - AllowExternalDataSharingSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowExternalDataSharingSwitch'}) - AllowFreeTrial = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowFreeTrial'}) - AllowGuestLookup = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowGuestLookup'}) - AllowGuestUserToAccessSharedContent = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowGuestUserToAccessSharedContent'}) - AllowPowerBIASDQOnTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowPowerBIASDQOnTenant'}) - AllowSendAOAIDataToOtherRegions = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowSendAOAIDataToOtherRegions'}) - AllowSendNLToDaxDataToOtherRegions = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowSendNLToDaxDataToOtherRegions'}) - AllowServicePrincipalsCreateAndUseProfiles = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowServicePrincipalsCreateAndUseProfiles'}) - AllowServicePrincipalsUseReadAdminAPIs = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AllowServicePrincipalsUseReadAdminAPIs'}) - AppPush = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AppPush'}) - ArtifactSearchTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ArtifactSearchTenant'}) - ASCollectQueryTextTelemetryTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ASCollectQueryTextTelemetryTenantSwitch'}) - ASShareableCloudConnectionBindingSecurityModeTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ASShareableCloudConnectionBindingSecurityModeTenant'}) - ASWritethruContinuousExportTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ASWritethruContinuousExportTenantSwitch'}) - ASWritethruTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ASWritethruTenantSwitch'}) - AutoInstallPowerBIAppInTeamsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AutoInstallPowerBIAppInTeamsTenant'}) - AutomatedInsightsEntryPoints = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AutomatedInsightsEntryPoints'}) - AutomatedInsightsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AutomatedInsightsTenant'}) - AzureMap = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'AzureMap'}) - BingMap = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'BingMap'}) - BlockAccessFromPublicNetworks = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'BlockAccessFromPublicNetworks'}) - BlockAutoDiscoverAndPackageRefresh = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'BlockAutoDiscoverAndPackageRefresh'}) - BlockProtectedLabelSharingToEntireOrg = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'BlockProtectedLabelSharingToEntireOrg'}) - BlockResourceKeyAuthentication = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'BlockResourceKeyAuthentication'}) - CDSAManagement = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'CDSAManagement'}) - CertifiedCustomVisualsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'CertifiedCustomVisualsTenant'}) - CertifyDatasets = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'CertifyDatasets'}) - ConfigureFolderRetentionPeriod = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ConfigureFolderRetentionPeriod'}) - CreateAppWorkspaces = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'CreateAppWorkspaces'}) - CustomVisualsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'CustomVisualsTenant'}) - DatamartTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DatamartTenant'}) - DatasetExecuteQueries = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DatasetExecuteQueries'}) - DevelopServiceApps = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DevelopServiceApps'}) - DiscoverDatasetsConsumption = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DiscoverDatasetsConsumption'}) - DiscoverDatasetsSettingsCertified = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DiscoverDatasetsSettingsCertified'}) - DiscoverDatasetsSettingsPromoted = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DiscoverDatasetsSettingsPromoted'}) - DremioSSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'DremioSSO'}) - EimInformationProtectionDataSourceInheritanceSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EimInformationProtectionDataSourceInheritanceSetting'}) - EimInformationProtectionDownstreamInheritanceSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EimInformationProtectionDownstreamInheritanceSetting'}) - EimInformationProtectionEdit = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EimInformationProtectionEdit'}) - EimInformationProtectionLessElevated = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EimInformationProtectionLessElevated'}) - EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting'}) - ElevatedGuestsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ElevatedGuestsTenant'}) - EmailSecurityGroupsOnOutage = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EmailSecurityGroupsOnOutage'}) - EmailSubscriptionsToB2BUsers = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EmailSubscriptionsToB2BUsers'}) - EmailSubscriptionsToExternalUsers = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EmailSubscriptionsToExternalUsers'}) - EmailSubscriptionTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EmailSubscriptionTenant'}) - Embedding = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'Embedding'}) - EnableAOAI = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableAOAI'}) - EnableDatasetInPlaceSharing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableDatasetInPlaceSharing'}) - EnableExcelYellowIntegration = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableExcelYellowIntegration'}) - EnableFabricAirflow = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableFabricAirflow'}) - EnableNLToDax = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableNLToDax'}) - EnableReassignDataDomainSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EnableReassignDataDomainSwitch'}) - EsriVisual = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'EsriVisual'}) - ExpFlightingTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExpFlightingTenant'}) - ExportReport = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportReport'}) - ExportToCsv = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToCsv'}) - ExportToExcelSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToExcelSetting'}) - ExportToImage = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToImage'}) - ExportToMHTML = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToMHTML'}) - ExportToPowerPoint = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToPowerPoint'}) - ExportToWord = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToWord'}) - ExportToXML = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportToXML'}) - ExportVisualImageTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExportVisualImageTenant'}) - ExternalDatasetSharingTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExternalDatasetSharingTenant'}) - ExternalSharingV2 = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ExternalSharingV2'}) - FabricAddPartnerWorkload = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'FabricAddPartnerWorkload'}) - FabricFeedbackTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'FabricFeedbackTenantSwitch'}) - FabricGAWorkloads = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'FabricGAWorkloads'}) - FabricThirdPartyWorkloads = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'FabricThirdPartyWorkloads'}) - GitHubTenantSettings = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'GitHubTenantSettings'}) - GitIntegrationCrossGeoTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'GitIntegrationCrossGeoTenantSwitch'}) - GitIntegrationSensitivityLabelsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'GitIntegrationSensitivityLabelsTenantSwitch'}) - GitIntegrationTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'GitIntegrationTenantSwitch'}) - GoogleBigQuerySSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'GoogleBigQuerySSO'}) - GraphQLTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'GraphQLTenant'}) - HealthcareSolutionsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'HealthcareSolutionsTenantSwitch'}) - InstallNonvalidatedTemplateApps = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'InstallNonvalidatedTemplateApps'}) - InstallServiceApps = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'InstallServiceApps'}) - KustoDashboardTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'KustoDashboardTenantSwitch'}) - LiveConnection = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'LiveConnection'}) - LogAnalyticsAttachForWorkspaceAdmins = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'LogAnalyticsAttachForWorkspaceAdmins'}) - M365DataSharing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'M365DataSharing'}) - Mirroring = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'Mirroring'}) - ODSPRefreshEnforcementTenantAllowAutomaticUpdate = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ODSPRefreshEnforcementTenantAllowAutomaticUpdate'}) - OneDriveSharePointAllowSharingTenantSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'OneDriveSharePointAllowSharingTenantSetting'}) - OneDriveSharePointViewerIntegrationTenantSettingV2 = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'OneDriveSharePointViewerIntegrationTenantSettingV2'}) - OneLakeFileExplorer = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'OneLakeFileExplorer'}) - OneLakeForThirdParty = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'OneLakeForThirdParty'}) - OnPremAnalyzeInExcel = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'OnPremAnalyzeInExcel'}) - PowerBIGoalsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'PowerBIGoalsTenant'}) - PowerPlatformSolutionsIntegrationTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'PowerPlatformSolutionsIntegrationTenant'}) - Printing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'Printing'}) - PromoteContent = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'PromoteContent'}) - PublishContentPack = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'PublishContentPack'}) - PublishToWeb = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'PublishToWeb'}) - QnaFeedbackLoop = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'QnaFeedbackLoop'}) - QnaLsdlSharing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'QnaLsdlSharing'}) - QueryScaleOutTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'QueryScaleOutTenant'}) - RedshiftSSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'RedshiftSSO'}) - RestrictMyFolderCapacity = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'RestrictMyFolderCapacity'}) - RetailSolutionsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'RetailSolutionsTenantSwitch'}) - RScriptVisual = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'RScriptVisual'}) - ServicePrincipalAccess = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ServicePrincipalAccess'}) - ShareLinkToEntireOrg = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ShareLinkToEntireOrg'}) - ShareToTeamsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'ShareToTeamsTenant'}) - SnowflakeSSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'SnowflakeSSO'}) - StorytellingTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'StorytellingTenant'}) - SustainabilitySolutionsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'SustainabilitySolutionsTenantSwitch'}) - TemplatePublish = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'TemplatePublish'}) - TenantSettingPublishGetHelpInfo = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'TenantSettingPublishGetHelpInfo'}) - TridentPrivatePreview = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'TridentPrivatePreview'}) - UsageMetrics = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'UsageMetrics'}) - UsageMetricsTrackUserLevelInfo = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'UsageMetricsTrackUserLevelInfo'}) - UseDatasetsAcrossWorkspaces = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'UseDatasetsAcrossWorkspaces'}) - VisualizeListInPowerBI = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'VisualizeListInPowerBI'}) - WebContentTilesTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'WebContentTilesTenant'}) - WebModelingTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript {$_.settingName -eq 'WebModelingTenantSwitch'}) + AADSSOForGateway = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AADSSOForGateway' }) + AdminApisIncludeDetailedMetadata = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AdminApisIncludeDetailedMetadata' }) + AdminApisIncludeExpressions = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AdminApisIncludeExpressions' }) + AdminCustomDisclaimer = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AdminCustomDisclaimer' }) + AISkillArtifactTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AISkillArtifactTenantSwitch' }) + AllowAccessOverPrivateLinks = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowAccessOverPrivateLinks' }) + AllowCVAuthenticationTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowCVAuthenticationTenant' }) + AllowCVLocalStorageV2Tenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowCVLocalStorageV2Tenant' }) + AllowCVToExportDataToFileTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowCVToExportDataToFileTenant' }) + AllowEndorsementMasterDataSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowEndorsementMasterDataSwitch' }) + AllowExternalDataSharingReceiverSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowExternalDataSharingReceiverSwitch' }) + AllowExternalDataSharingSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowExternalDataSharingSwitch' }) + AllowFreeTrial = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowFreeTrial' }) + AllowGuestLookup = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowGuestLookup' }) + AllowGuestUserToAccessSharedContent = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowGuestUserToAccessSharedContent' }) + AllowPowerBIASDQOnTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowPowerBIASDQOnTenant' }) + AllowSendAOAIDataToOtherRegions = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowSendAOAIDataToOtherRegions' }) + AllowSendNLToDaxDataToOtherRegions = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowSendNLToDaxDataToOtherRegions' }) + AllowServicePrincipalsCreateAndUseProfiles = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowServicePrincipalsCreateAndUseProfiles' }) + AllowServicePrincipalsUseReadAdminAPIs = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowServicePrincipalsUseReadAdminAPIs' }) + AppPush = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AppPush' }) + ArtifactSearchTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ArtifactSearchTenant' }) + ASCollectQueryTextTelemetryTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ASCollectQueryTextTelemetryTenantSwitch' }) + ASShareableCloudConnectionBindingSecurityModeTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ASShareableCloudConnectionBindingSecurityModeTenant' }) + ASWritethruContinuousExportTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ASWritethruContinuousExportTenantSwitch' }) + ASWritethruTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ASWritethruTenantSwitch' }) + AutoInstallPowerBIAppInTeamsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AutoInstallPowerBIAppInTeamsTenant' }) + AutomatedInsightsEntryPoints = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AutomatedInsightsEntryPoints' }) + AutomatedInsightsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AutomatedInsightsTenant' }) + AzureMap = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AzureMap' }) + BingMap = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'BingMap' }) + BlockAccessFromPublicNetworks = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'BlockAccessFromPublicNetworks' }) + BlockAutoDiscoverAndPackageRefresh = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'BlockAutoDiscoverAndPackageRefresh' }) + BlockProtectedLabelSharingToEntireOrg = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'BlockProtectedLabelSharingToEntireOrg' }) + BlockResourceKeyAuthentication = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'BlockResourceKeyAuthentication' }) + CDSAManagement = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'CDSAManagement' }) + CertifiedCustomVisualsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'CertifiedCustomVisualsTenant' }) + CertifyDatasets = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'CertifyDatasets' }) + ConfigureFolderRetentionPeriod = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ConfigureFolderRetentionPeriod' }) + CreateAppWorkspaces = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'CreateAppWorkspaces' }) + CustomVisualsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'CustomVisualsTenant' }) + DatamartTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'DatamartTenant' }) + DatasetExecuteQueries = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'DatasetExecuteQueries' }) + DevelopServiceApps = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'DevelopServiceApps' }) + DiscoverDatasetsConsumption = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'DiscoverDatasetsConsumption' }) + DiscoverDatasetsSettingsCertified = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'DiscoverDatasetsSettingsCertified' }) + DiscoverDatasetsSettingsPromoted = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'DiscoverDatasetsSettingsPromoted' }) + DremioSSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'DremioSSO' }) + EimInformationProtectionDataSourceInheritanceSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EimInformationProtectionDataSourceInheritanceSetting' }) + EimInformationProtectionDownstreamInheritanceSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EimInformationProtectionDownstreamInheritanceSetting' }) + EimInformationProtectionEdit = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EimInformationProtectionEdit' }) + EimInformationProtectionLessElevated = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EimInformationProtectionLessElevated' }) + EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting' }) + ElevatedGuestsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ElevatedGuestsTenant' }) + EmailSecurityGroupsOnOutage = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EmailSecurityGroupsOnOutage' }) + EmailSubscriptionsToB2BUsers = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EmailSubscriptionsToB2BUsers' }) + EmailSubscriptionsToExternalUsers = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EmailSubscriptionsToExternalUsers' }) + EmailSubscriptionTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EmailSubscriptionTenant' }) + Embedding = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'Embedding' }) + EnableAOAI = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EnableAOAI' }) + EnableDatasetInPlaceSharing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EnableDatasetInPlaceSharing' }) + EnableExcelYellowIntegration = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EnableExcelYellowIntegration' }) + EnableFabricAirflow = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EnableFabricAirflow' }) + EnableNLToDax = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EnableNLToDax' }) + EnableReassignDataDomainSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EnableReassignDataDomainSwitch' }) + EsriVisual = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'EsriVisual' }) + ExpFlightingTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExpFlightingTenant' }) + ExportReport = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExportReport' }) + ExportToCsv = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExportToCsv' }) + ExportToExcelSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExportToExcelSetting' }) + ExportToImage = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExportToImage' }) + ExportToMHTML = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExportToMHTML' }) + ExportToPowerPoint = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExportToPowerPoint' }) + ExportToWord = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExportToWord' }) + ExportToXML = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExportToXML' }) + ExportVisualImageTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExportVisualImageTenant' }) + ExternalDatasetSharingTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExternalDatasetSharingTenant' }) + ExternalSharingV2 = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ExternalSharingV2' }) + FabricAddPartnerWorkload = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'FabricAddPartnerWorkload' }) + FabricFeedbackTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'FabricFeedbackTenantSwitch' }) + FabricGAWorkloads = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'FabricGAWorkloads' }) + FabricThirdPartyWorkloads = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'FabricThirdPartyWorkloads' }) + GitHubTenantSettings = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'GitHubTenantSettings' }) + GitIntegrationCrossGeoTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'GitIntegrationCrossGeoTenantSwitch' }) + GitIntegrationSensitivityLabelsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'GitIntegrationSensitivityLabelsTenantSwitch' }) + GitIntegrationTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'GitIntegrationTenantSwitch' }) + GoogleBigQuerySSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'GoogleBigQuerySSO' }) + GraphQLTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'GraphQLTenant' }) + HealthcareSolutionsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'HealthcareSolutionsTenantSwitch' }) + InstallNonvalidatedTemplateApps = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'InstallNonvalidatedTemplateApps' }) + InstallServiceApps = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'InstallServiceApps' }) + KustoDashboardTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'KustoDashboardTenantSwitch' }) + LiveConnection = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'LiveConnection' }) + LogAnalyticsAttachForWorkspaceAdmins = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'LogAnalyticsAttachForWorkspaceAdmins' }) + M365DataSharing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'M365DataSharing' }) + Mirroring = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'Mirroring' }) + ODSPRefreshEnforcementTenantAllowAutomaticUpdate = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ODSPRefreshEnforcementTenantAllowAutomaticUpdate' }) + OneDriveSharePointAllowSharingTenantSetting = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'OneDriveSharePointAllowSharingTenantSetting' }) + OneDriveSharePointViewerIntegrationTenantSettingV2 = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'OneDriveSharePointViewerIntegrationTenantSettingV2' }) + OneLakeFileExplorer = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'OneLakeFileExplorer' }) + OneLakeForThirdParty = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'OneLakeForThirdParty' }) + OnPremAnalyzeInExcel = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'OnPremAnalyzeInExcel' }) + PowerBIGoalsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'PowerBIGoalsTenant' }) + PowerPlatformSolutionsIntegrationTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'PowerPlatformSolutionsIntegrationTenant' }) + Printing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'Printing' }) + PromoteContent = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'PromoteContent' }) + PublishContentPack = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'PublishContentPack' }) + PublishToWeb = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'PublishToWeb' }) + QnaFeedbackLoop = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'QnaFeedbackLoop' }) + QnaLsdlSharing = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'QnaLsdlSharing' }) + QueryScaleOutTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'QueryScaleOutTenant' }) + RedshiftSSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'RedshiftSSO' }) + RestrictMyFolderCapacity = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'RestrictMyFolderCapacity' }) + RetailSolutionsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'RetailSolutionsTenantSwitch' }) + RScriptVisual = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'RScriptVisual' }) + ServicePrincipalAccess = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ServicePrincipalAccess' }) + ShareLinkToEntireOrg = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ShareLinkToEntireOrg' }) + ShareToTeamsTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ShareToTeamsTenant' }) + SnowflakeSSO = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'SnowflakeSSO' }) + StorytellingTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'StorytellingTenant' }) + SustainabilitySolutionsTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'SustainabilitySolutionsTenantSwitch' }) + TemplatePublish = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'TemplatePublish' }) + TenantSettingPublishGetHelpInfo = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'TenantSettingPublishGetHelpInfo' }) + TridentPrivatePreview = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'TridentPrivatePreview' }) + UsageMetrics = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'UsageMetrics' }) + UsageMetricsTrackUserLevelInfo = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'UsageMetricsTrackUserLevelInfo' }) + UseDatasetsAcrossWorkspaces = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'UseDatasetsAcrossWorkspaces' }) + VisualizeListInPowerBI = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'VisualizeListInPowerBI' }) + WebContentTilesTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'WebContentTilesTenant' }) + WebModelingTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'WebModelingTenantSwitch' }) ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint @@ -1285,7 +1285,7 @@ function Set-TargetResource $AccessTokens ) - Write-Warning -Message "This resource is read-only and does not support changing the settings. It is used for monitoring purposes only." + Write-Warning -Message 'This resource is read-only and does not support changing the settings. It is used for monitoring purposes only.' } function Test-TargetResource @@ -1941,7 +1941,7 @@ function Export-TargetResource try { $Script:ExportMode = $true - $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + "/v1/admin/tenantsettings" + $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + '/v1/admin/tenantsettings' [array] $Script:exportedInstances = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET' if ($null -ne $Global:M365DSCExportResourceInstancesCount) @@ -1985,7 +1985,7 @@ function Export-TargetResource $fixQuotes = $true } $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName $key + -ParameterName $key } } if ($fixQuotes) @@ -1995,7 +1995,7 @@ function Export-TargetResource $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName - Write-Host $Global:M365DSCEmojiGreenCheckMark + Write-Host $Global:M365DSCEmojiGreenCheckMark return $dscContent } catch @@ -2044,7 +2044,7 @@ function Get-M365DSCFabricTenantSettingAsString $StringContent += " title = '" + $setting.title.Replace("'", "''") + "'`r`n" if (-not [System.String]::IsNullOrEmpty($setting.properties)) { - $StringContent += " properties = @(" + $StringContent += ' properties = @(' foreach ($property in $setting.properties) { $StringContent += " MSFT_FabricTenantSettingProperty{`r`n" @@ -2053,7 +2053,7 @@ function Get-M365DSCFabricTenantSettingAsString $StringContent += " type = '$($property.type)'`r`n" $StringContent += " }`r`n" } - $StringContent += ")" + $StringContent += ')' } if (-not [System.String]::IsNullOrEmpty($setting.excludedSecurityGroups)) { @@ -2086,9 +2086,9 @@ function Get-M365DSCFabricTenantSettingObject Write-Verbose -Message "Retrieving values for setting {$($Setting.settingName)}" $values = @{ - settingName = $Setting.settingName - enabled = [Boolean]$Setting.enabled - title = $Setting.title + settingName = $Setting.settingName + enabled = [Boolean]$Setting.enabled + title = $Setting.title } if (-not [System.String]::IsNullOrEmpty($Setting.canSpecifySecurityGroups)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index 631222ea79..7c11b42a97 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 @@ -196,7 +196,7 @@ function Get-TargetResource $policy = Get-MgBetaDeviceManagementIntent -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue } - if(([array]$policy).count -gt 1) + if (([array]$policy).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -249,7 +249,7 @@ function Get-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*') { if (Assert-M365DSCIsNonInteractiveShell) { @@ -456,19 +456,19 @@ function Set-TargetResource $PSBoundParameters.Remove('AccessTokens') | Out-Null $IncorrectParameters = @{ - BlockPersistenceThroughWmiType = @("userDefined", "warn") - OfficeAppsOtherProcessInjectionType = "userDefined" - OfficeAppsLaunchChildProcessType = "userDefined" - OfficeAppsExecutableContentCreationOrLaunchType = "userDefined" - OfficeMacroCodeAllowWin32ImportsType = "userDefined" - OfficeCommunicationAppsLaunchChildProcess = "disable" - ScriptObfuscatedMacroCodeType = "userDefined" - ScriptDownloadedPayloadExecutionType = @("userDefined", "warn") - ProcessCreationType = "userDefined" - UntrustedUSBProcessType = "userDefined" - UntrustedExecutableType = "userDefined" - EmailContentExecutionType = "userDefined" - GuardMyFoldersType = "userDefined" + BlockPersistenceThroughWmiType = @('userDefined', 'warn') + OfficeAppsOtherProcessInjectionType = 'userDefined' + OfficeAppsLaunchChildProcessType = 'userDefined' + OfficeAppsExecutableContentCreationOrLaunchType = 'userDefined' + OfficeMacroCodeAllowWin32ImportsType = 'userDefined' + OfficeCommunicationAppsLaunchChildProcess = 'disable' + ScriptObfuscatedMacroCodeType = 'userDefined' + ScriptDownloadedPayloadExecutionType = @('userDefined', 'warn') + ProcessCreationType = 'userDefined' + UntrustedUSBProcessType = 'userDefined' + UntrustedExecutableType = 'userDefined' + EmailContentExecutionType = 'userDefined' + GuardMyFoldersType = 'userDefined' } $ExceptionMessage = $null @@ -487,7 +487,7 @@ function Set-TargetResource if (![string]::IsNullOrEmpty($ExceptionMessage)) { - $ExceptionMessage += "Please update your configuration." + $ExceptionMessage += 'Please update your configuration.' Write-Verbose -Message $ExceptionMessage New-M365DSCLogEntry -Message $ExceptionMessage ` @@ -523,7 +523,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/intents' } @@ -557,7 +557,7 @@ function Set-TargetResource #region Assignments $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentPolicy.Identity ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentPolicy.Identity ` -Targets $assignmentsHash ` -Repository 'deviceManagement/intents' #endregion @@ -773,7 +773,7 @@ function Test-TargetResource if ($testResult) { $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` + -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` -ValuesToCheck $ValuesToCheck.Keys } @@ -929,8 +929,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*' -or ` + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 index b9fc29e2af..096e29a19d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 @@ -564,7 +564,7 @@ function Test-TargetResource { $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - if ($key -eq "Assignments") + if ($key -eq 'Assignments') { $testResult = Compare-M365DSCIntunePolicyAssignment ` -Source $source ` @@ -740,8 +740,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*' -or ` + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 index 5ea0434c2c..4e3faa7acd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 @@ -92,7 +92,7 @@ function Get-TargetResource { $policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" -ErrorAction SilentlyContinue - if(([array]$devicePolicy).Count -gt 1) + if (([array]$devicePolicy).Count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -165,8 +165,8 @@ function Get-TargetResource if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $returnHashtable.Add('Assignments', $returnAssignments) @@ -175,7 +175,7 @@ function Get-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*') { if (Assert-M365DSCIsNonInteractiveShell) { @@ -301,8 +301,8 @@ function Set-TargetResource $createParameters.Add('platforms', $platforms) $createParameters.Add('technologies', $technologies) $createParameters.Add('templateReference', @{ - templateId = $templateReferenceId - }) + templateId = $templateReferenceId + }) $policy = New-MgBetaDeviceManagementConfigurationPolicy -BodyParameter $createParameters #region Assignments @@ -645,8 +645,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*' -or ` + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } @@ -678,14 +678,14 @@ function Get-M365DSCIntuneDeviceConfigurationSettings $settingDefinition = 'device_vendor_msft_policy_config_localusersandgroups_configure' $defaultValue = @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSetting' + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSetting' 'settingInstance' = @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' - 'settingDefinitionId' = $settingDefinition - 'groupSettingCollectionValue' = @() + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + 'settingDefinitionId' = $settingDefinition + 'groupSettingCollectionValue' = @() 'settingInstanceTemplateReference' = @{ 'settingInstanceTemplateId' = 'de06bec1-4852-48a0-9799-cf7b85992d45' - } + } } } foreach ($groupConfiguration in $Properties.LocalUserGroupCollection) @@ -698,38 +698,38 @@ function Get-M365DSCIntuneDeviceConfigurationSettings $groupDefaultValue = @{ children = @( @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' - 'settingDefinitionId' = $settingDefinition + '_groupconfiguration_accessgroup' - 'groupSettingCollectionValue' = @( + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + 'settingDefinitionId' = $settingDefinition + '_groupconfiguration_accessgroup' + 'groupSettingCollectionValue' = @( @{ 'children' = @( @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' 'settingDefinitionId' = $settingDefinition + '_groupconfiguration_accessgroup_userselectiontype' - 'choiceSettingValue' = @{ + 'choiceSettingValue' = @{ '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingValue' - 'value' = $settingDefinition + '_groupconfiguration_accessgroup_userselectiontype_' + $groupConfiguration.UserSelectionType - 'children' = @( + 'value' = $settingDefinition + '_groupconfiguration_accessgroup_userselectiontype_' + $groupConfiguration.UserSelectionType + 'children' = @( @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' - 'settingDefinitionId' = $settingDefinition + '_groupconfiguration_accessgroup_users' + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' + 'settingDefinitionId' = $settingDefinition + '_groupconfiguration_accessgroup_users' 'simpleSettingCollectionValue' = @() } ) } }, @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' 'settingDefinitionId' = $settingDefinition + '_groupconfiguration_accessgroup_action' - 'choiceSettingValue' = @{ + 'choiceSettingValue' = @{ '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingValue' - 'value' = $settingDefinition + '_groupconfiguration_accessgroup_action_' + $groupConfiguration.Action - 'children' = @() + 'value' = $settingDefinition + '_groupconfiguration_accessgroup_action_' + $groupConfiguration.Action + 'children' = @() } }, @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance' - 'settingDefinitionId' = $settingDefinition + '_groupconfiguration_accessgroup_desc' + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance' + 'settingDefinitionId' = $settingDefinition + '_groupconfiguration_accessgroup_desc' 'choiceSettingCollectionValue' = @() } ) @@ -746,7 +746,7 @@ function Get-M365DSCIntuneDeviceConfigurationSettings { $groupDefaultValue.children[0].groupSettingCollectionValue[0].children[0].choiceSettingValue.children[0].simpleSettingCollectionValue += @{ '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' - 'value' = $member + 'value' = $member } } @@ -754,8 +754,8 @@ function Get-M365DSCIntuneDeviceConfigurationSettings { $groupDefaultValue.children[0].groupSettingCollectionValue[0].children[2].choiceSettingCollectionValue += @{ '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingValue' - 'value' = $settingDefinition + '_groupconfiguration_accessgroup_desc_' + $localGroup - 'children' = @() + 'value' = $settingDefinition + '_groupconfiguration_accessgroup_desc_' + $localGroup + 'children' = @() } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 index a7d21f2100..c6bb81224f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 @@ -148,7 +148,7 @@ function Get-TargetResource { #Retrieve policy general settings - $policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Identity -ExpandProperty settings,assignments -ErrorAction SilentlyContinue + $policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Identity -ExpandProperty settings, assignments -ErrorAction SilentlyContinue if ($null -eq $policy) { @@ -164,12 +164,12 @@ function Get-TargetResource return $nullResult } - if(([array]$policy).count -gt 1) + if (([array]$policy).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } - $policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $policy.id -ExpandProperty settings,assignments -ErrorAction SilentlyContinue + $policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $policy.id -ExpandProperty settings, assignments -ErrorAction SilentlyContinue } @@ -184,7 +184,7 @@ function Get-TargetResource foreach ($setting in $settings) { - $settingName = $setting.definitionId.Split("_")[1] + $settingName = $setting.definitionId.Split('_')[1] $settingValue = $setting.ValueJson | ConvertFrom-Json if ($settingName -eq 'WindowsHelloForBusinessBlocked') @@ -226,7 +226,7 @@ function Get-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*') { if (Assert-M365DSCIsNonInteractiveShell) { @@ -372,7 +372,7 @@ function Set-TargetResource ) Write-Warning -Message "The resource 'IntuneAccountProtectionPolicy' is deprecated. It will be removed in a future release. Please use 'IntuneAccountProtectionPolicyWindows10' instead." - Write-Warning -Message "For more information, please visit https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new#consolidation-of-intune-profiles-for-identity-protection-and-account-protection-" + Write-Warning -Message 'For more information, please visit https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new#consolidation-of-intune-profiles-for-identity-protection-and-account-protection-' $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters @@ -424,7 +424,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/intents' } @@ -451,7 +451,7 @@ function Set-TargetResource #Update-MgBetaDeviceManagementIntent does not support updating the property settings #Update-MgBetaDeviceManagementIntentSetting only support updating a single setting at a time #Using Rest to reduce the number of calls - + $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings" $body = @{'settings' = $settings } Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ContentType 'application/json' 4> $null @@ -459,7 +459,7 @@ function Set-TargetResource #region Assignments $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentPolicy.Identity ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentPolicy.Identity ` -Targets $assignmentsHash ` -Repository 'deviceManagement/intents' #endregion @@ -797,8 +797,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*' -or ` + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } @@ -843,7 +843,7 @@ function Get-M365DSCIntuneDeviceConfigurationSettings $result = @{} $settingType = $setting.AdditionalProperties.'@odata.type' $settingValue = $null - $currentValueKey = $Properties.keys | Where-Object -FilterScript { $_ -eq $setting.DefinitionId.Split("_")[1] } + $currentValueKey = $Properties.keys | Where-Object -FilterScript { $_ -eq $setting.DefinitionId.Split('_')[1] } if ($null -ne $currentValueKey) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 index dce9a3ba73..dbf21af696 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 @@ -90,7 +90,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -363,7 +363,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Account Protection Policy for Windows10 with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -395,7 +395,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Account Protection Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -631,14 +631,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "fcef01f2-439d-4c3f-9184-823fd6e97646_1" + $policyTemplateID = 'fcef01f2-439d-4c3f-9184-823fd6e97646_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -664,16 +664,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -728,16 +728,16 @@ function Export-TargetResource -Credential $Credential if ($Results.DeviceSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DeviceSettings" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DeviceSettings' -IsCIMArray:$True } if ($Results.UserSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserSettings" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserSettings' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/settings.json index 7e45256fd1..2215c48275 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/settings.json @@ -1,41 +1,41 @@ { - "resourceName":"IntuneAccountProtectionPolicyWindows10", - "description":"This resource configures an Intune Account Protection Policy for Windows10.", - "permissions":{ - "graph":{ - "delegated":{ - "read":[ + "resourceName": "IntuneAccountProtectionPolicyWindows10", + "description": "This resource configures an Intune Account Protection Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.Read.All" + "name": "DeviceManagementConfiguration.Read.All" } ], - "update":[ + "update": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.ReadWrite.All" + "name": "DeviceManagementConfiguration.ReadWrite.All" } ] }, - "application":{ - "read":[ + "application": { + "read": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.Read.All" + "name": "DeviceManagementConfiguration.Read.All" } ], - "update":[ + "update": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.ReadWrite.All" + "name": "DeviceManagementConfiguration.ReadWrite.All" } ] } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.psm1 index 3916bbb6ef..12c7118142 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.psm1 @@ -105,20 +105,23 @@ -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data - #endregion + #endregion $nullResult = $PSBoundParameters $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)){ $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $id -ErrorAction SilentlyContinue } - + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $id -ErrorAction SilentlyContinue + } + #region resource generator code if ($null -eq $getValue) { $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidManagedStoreAppConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidManagedStoreAppConfiguration' ` } } #endregion @@ -138,8 +141,8 @@ $mySettings = @{} $mySettings.Add('permission', $setting['permission']) $mySettings.Add('action', $setting['action']) - - if ($mySettings.values.Where({$null -ne $_}).count -gt 0) + + if ($mySettings.values.Where({ $null -ne $_ }).count -gt 0) { $complexPermissionActions += $mySettings } @@ -147,34 +150,34 @@ $results = @{ #region resource generator code - Id = $getValue.Id - Description = $getValue.Description - DisplayName = $getValue.DisplayName - targetedMobileApps = $getValue.TargetedMobileApps - packageId = $getValue.AdditionalProperties.packageId - payloadJson = $getValue.AdditionalProperties.payloadJson - appSupportsOemConfig = $getValue.AdditionalProperties.appSupportsOemConfig - profileApplicability = $getValue.AdditionalProperties.profileApplicability - connectedAppsEnabled = $getValue.AdditionalProperties.connectedAppsEnabled - permissionActions = $complexPermissionActions - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - version = $getValue.AdditionalProperties.version + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + targetedMobileApps = $getValue.TargetedMobileApps + packageId = $getValue.AdditionalProperties.packageId + payloadJson = $getValue.AdditionalProperties.payloadJson + appSupportsOemConfig = $getValue.AdditionalProperties.appSupportsOemConfig + profileApplicability = $getValue.AdditionalProperties.profileApplicability + connectedAppsEnabled = $getValue.AdditionalProperties.connectedAppsEnabled + permissionActions = $complexPermissionActions + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + version = $getValue.AdditionalProperties.version } - + $assignmentsValues = Get-MgBetaDeviceAppManagementMobileAppConfigurationAssignment -ManagedDeviceMobileAppConfigurationId $Results.Id $assignmentResult = @() if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -196,7 +199,7 @@ function Set-TargetResource { [CmdletBinding()] param - ( + ( #region resource generator code [Parameter()] [System.String] @@ -340,7 +343,7 @@ function Set-TargetResource } $CreateParameters.add('AdditionalProperties', $AdditionalProperties) - + #region resource generator code $policy = New-MgBetaDeviceAppManagementMobileAppConfiguration @CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments @@ -736,13 +739,13 @@ function Export-TargetResource $i++ Write-Host $Global:M365DSCEmojiGreenCheckMark } - + return $dscContent } catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.schema.mof index 55f79afabc..0d19b585e9 100644 Binary files a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.schema.mof and b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.schema.mof differ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/MSFT_IntuneAntivirusExclusionsPolicyLinux.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/MSFT_IntuneAntivirusExclusionsPolicyLinux.psm1 index 37acc5dd48..39eb059aab 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/MSFT_IntuneAntivirusExclusionsPolicyLinux.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/MSFT_IntuneAntivirusExclusionsPolicyLinux.psm1 @@ -86,7 +86,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -144,7 +144,7 @@ function Get-TargetResource { $myExclusions.Add('Exclusions_item_isDirectory', $currentExclusions.exclusions_item_isDirectory) } - if ($myExclusions.values.Where({$null -ne $_}).Count -gt 0) + if ($myExclusions.values.Where({ $null -ne $_ }).Count -gt 0) { $complexExclusions += $myExclusions } @@ -279,7 +279,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Antivirus Exclusions Policy Linux with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -310,7 +310,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Antivirus Exclusions Policy Linux with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -541,14 +541,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "8a17a1e5-3df4-4e07-9d20-3878267a79b8_1" + $policyTemplateID = '8a17a1e5-3df4-4e07-9d20-3878267a79b8_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -574,16 +574,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -624,12 +624,12 @@ function Export-TargetResource -Credential $Credential if ($Results.Exclusions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Exclusions" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Exclusions' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/settings.json index c1652d31e4..e87220b54e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/settings.json @@ -1,39 +1,38 @@ { - "resourceName": "IntuneAntivirusExclusionsPolicyLinux", - "description": "This resource configures an Intune Antivirus Exclusions Policy Linux.", - "permissions": { - "graph": { - "application": { - "update": [ - { - "name": "Group.Read.All" - } - ], - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "Group.Read.All" - } - ] - }, - "delegated": { - "update": [ - { - "name": "Group.Read.All" - } - ], - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "Group.Read.All" - } - ] + "resourceName": "IntuneAntivirusExclusionsPolicyLinux", + "description": "This resource configures an Intune Antivirus Exclusions Policy Linux.", + "permissions": { + "graph": { + "application": { + "update": [ + { + "name": "Group.Read.All" + } + ], + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ] + }, + "delegated": { + "update": [ + { + "name": "Group.Read.All" + } + ], + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ] + } } } } - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/MSFT_IntuneAntivirusExclusionsPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/MSFT_IntuneAntivirusExclusionsPolicyMacOS.psm1 index 8875f95e1d..531bbab484 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/MSFT_IntuneAntivirusExclusionsPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/MSFT_IntuneAntivirusExclusionsPolicyMacOS.psm1 @@ -86,7 +86,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -144,7 +144,7 @@ function Get-TargetResource { $myExclusions.Add('Exclusions_item_path', $currentExclusions.exclusions_item_path) } - if ($myExclusions.values.Where({$null -ne $_}).Count -gt 0) + if ($myExclusions.values.Where({ $null -ne $_ }).Count -gt 0) { $complexExclusions += $myExclusions } @@ -279,7 +279,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Antivirus Exclusions Policy for macOS with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -310,7 +310,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Antivirus Exclusions Policy for macOS with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -541,14 +541,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "43397174-2244-4006-b5ad-421b369e90d4_1" + $policyTemplateID = '43397174-2244-4006-b5ad-421b369e90d4_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -574,16 +574,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -624,12 +624,12 @@ function Export-TargetResource -Credential $Credential if ($Results.Exclusions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Exclusions" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Exclusions' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/settings.json index d32d971b67..5757d94eef 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/settings.json @@ -1,45 +1,44 @@ { - "resourceName": "IntuneAntivirusExclusionsPolicyMacOS", - "description": "This resource configures an Intune Antivirus Exclusions Policy for macOS.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "Group.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name": "Group.Read.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "Group.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name": "Group.Read.All" - } - ] + "resourceName": "IntuneAntivirusExclusionsPolicyMacOS", + "description": "This resource configures an Intune Antivirus Exclusions Policy for macOS.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + } } } } - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 index 172c6bede7..cc250b27ab 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 @@ -197,7 +197,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -261,7 +261,7 @@ function Get-TargetResource { $myExclusions.Add('Exclusions_item_isDirectory', $currentExclusions.exclusions_item_isDirectory) } - if ($myExclusions.values.Where({$null -ne $_}).Count -gt 0) + if ($myExclusions.values.Where({ $null -ne $_ }).Count -gt 0) { $complexExclusions += $myExclusions } @@ -280,7 +280,7 @@ function Get-TargetResource { $myThreatTypeSettings.Add('ThreatTypeSettings_item_value', $currentThreatTypeSettings.threatTypeSettings_item_value) } - if ($myThreatTypeSettings.values.Where({$null -ne $_}).Count -gt 0) + if ($myThreatTypeSettings.values.Where({ $null -ne $_ }).Count -gt 0) { $complexThreatTypeSettings += $myThreatTypeSettings } @@ -528,7 +528,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Antivirus Policy for Linux with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -559,7 +559,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Antivirus Policy for Linux with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -901,14 +901,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "4cfd164c-5e8a-4ea9-b15d-9aa71e4ffff4_1" + $policyTemplateID = '4cfd164c-5e8a-4ea9-b15d-9aa71e4ffff4_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -934,16 +934,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -998,16 +998,16 @@ function Export-TargetResource -Credential $Credential if ($Results.exclusions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "exclusions" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'exclusions' -IsCIMArray:$True } if ($Results.threatTypeSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "threatTypeSettings" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'threatTypeSettings' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/settings.json index 996c1ddb08..4b38a295c6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/settings.json @@ -1,45 +1,44 @@ { - "resourceName": "IntuneAntivirusPolicyLinux", - "description": "This resource configures an Intune Antivirus Policy Linux.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "Group.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name": "Group.Read.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "Group.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name": "Group.Read.All" - } - ] + "resourceName": "IntuneAntivirusPolicyLinux", + "description": "This resource configures an Intune Antivirus Policy Linux.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + } } } } - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 index 6162f15e24..30829e2aab 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 @@ -200,7 +200,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -264,7 +264,7 @@ function Get-TargetResource { $myExclusions.Add('Exclusions_item_path', $currentExclusions.exclusions_item_path) } - if ($myExclusions.values.Where({$null -ne $_}).Count -gt 0) + if ($myExclusions.values.Where({ $null -ne $_ }).Count -gt 0) { $complexExclusions += $myExclusions } @@ -277,7 +277,7 @@ function Get-TargetResource $myThreatTypeSettings = @{} $myThreatTypeSettings.Add('ThreatTypeSettings_item_key', $currentThreatTypeSettings.threatTypeSettings_item_key) $myThreatTypeSettings.Add('ThreatTypeSettings_item_value', $currentThreatTypeSettings.threatTypeSettings_item_value) - if ($myThreatTypeSettings.values.Where({$null -ne $_}).Count -gt 0) + if ($myThreatTypeSettings.values.Where({ $null -ne $_ }).Count -gt 0) { $complexThreatTypeSettings += $myThreatTypeSettings } @@ -527,7 +527,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Antivirus Policy for macOS with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -558,7 +558,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Antivirus Policy for macOS with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -903,14 +903,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "2d345ec2-c817-49e5-9156-3ed416dc972a_1" + $policyTemplateID = '2d345ec2-c817-49e5-9156-3ed416dc972a_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -936,16 +936,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -1000,16 +1000,16 @@ function Export-TargetResource -Credential $Credential if ($Results.exclusions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "exclusions" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'exclusions' -IsCIMArray:$True } if ($Results.threatTypeSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "threatTypeSettings" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'threatTypeSettings' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/settings.json index ce5391c1db..0814555984 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/settings.json @@ -1,44 +1,44 @@ { - "resourceName":"IntuneAntivirusPolicyMacOS", - "description":"This resource configures an Intune Antivirus Policy for macOS.", - "permissions":{ - "graph":{ - "application":{ - "read":[ - { - "name":"DeviceManagementConfiguration.Read.All" - }, - { - "name":"Group.Read.All" - } - ], - "update":[ - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name":"Group.Read.All" - } - ] - }, - "delegated":{ - "read":[ - { - "name":"DeviceManagementConfiguration.Read.All" - }, - { - "name":"Group.Read.All" - } - ], - "update":[ - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name":"Group.Read.All" - } - ] - } - } - } -} \ No newline at end of file + "resourceName": "IntuneAntivirusPolicyMacOS", + "description": "This resource configures an Intune Antivirus Policy for macOS.", + "permissions": { + "graph": { + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + }, + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 index 4175e16dca..3ca3c511c6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 @@ -320,7 +320,7 @@ function Get-TargetResource $RandomizeScheduleTaskTimes, [Parameter()] - [ValidateRange(1,23)] + [ValidateRange(1, 23)] [System.Int32] $SchedulerRandomizationTime, @@ -442,7 +442,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters $nullResult.Ensure = 'Absent' - $templateReferences = "d948ff9b-99cb-4ee0-8012-1fbc09685377_1", "e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1", "45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1" + $templateReferences = 'd948ff9b-99cb-4ee0-8012-1fbc09685377_1', 'e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1', '45fea5e9-280d-4da1-9792-fb5736da0ca9_1', '804339ad-1553-4478-a742-138fb5807418_1' #Retrieve policy general settings $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue @@ -458,8 +458,8 @@ function Get-TargetResource -Filter "Name eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -in $templateReferences - } + $_.TemplateReference.TemplateId -in $templateReferences + } } } @@ -513,8 +513,8 @@ function Get-TargetResource if ($graphAssignments.Count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $returnHashtable.Add('Assignments', $returnAssignments) @@ -537,8 +537,8 @@ function Get-TargetResource -TenantId $TenantId ` -Credential $Credential - $nullResult = Clear-M365DSCAuthenticationParameter -BoundParameters $nullResult - return $nullResult + $nullResult = Clear-M365DSCAuthenticationParameter -BoundParameters $nullResult + return $nullResult } } @@ -863,7 +863,7 @@ function Set-TargetResource $RandomizeScheduleTaskTimes, [Parameter()] - [ValidateRange(1,23)] + [ValidateRange(1, 23)] [System.Int32] $SchedulerRandomizationTime, @@ -1016,12 +1016,12 @@ function Set-TargetResource -TemplateId $templateReferenceId $createParameters = @{ - Name = $DisplayName - Description = $Description - TemplateReference = @{ templateId = $templateReferenceId } - Platforms = $platforms - Technologies = $technologies - Settings = $settings + Name = $DisplayName + Description = $Description + TemplateReference = @{ templateId = $templateReferenceId } + Platforms = $platforms + Technologies = $technologies + Settings = $settings } $policy = New-MgBetaDeviceManagementConfigurationPolicy -BodyParameter $createParameters @@ -1389,7 +1389,7 @@ function Test-TargetResource $RandomizeScheduleTaskTimes, [Parameter()] - [ValidateRange(1,23)] + [ValidateRange(1, 23)] [System.Int32] $SchedulerRandomizationTime, @@ -1629,12 +1629,12 @@ function Export-TargetResource try { $templateFamily = 'endpointSecurityAntivirus' - $templateReferences = "d948ff9b-99cb-4ee0-8012-1fbc09685377_1", "e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1", "45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1" + $templateReferences = 'd948ff9b-99cb-4ee0-8012-1fbc09685377_1', 'e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1', '45fea5e9-280d-4da1-9792-fb5736da0ca9_1', '804339ad-1553-4478-a742-138fb5807418_1' [array]$policies = Get-MgBetaDeviceManagementConfigurationPolicy -Filter $Filter -All:$true ` -ErrorAction Stop | Where-Object -FilterScript { - $_.TemplateReference.TemplateFamily -eq $templateFamily -and - $_.TemplateReference.TemplateId -in $templateReferences - } + $_.TemplateReference.TemplateFamily -eq $templateFamily -and + $_.TemplateReference.TemplateId -in $templateReferences + } if ($policies.Length -eq 0) { @@ -1698,7 +1698,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -1713,7 +1713,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 index 7e2b0d7ead..6428046d92 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 @@ -170,7 +170,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -412,7 +412,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune App And Browser Isolation Policy for Windows10 with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -443,7 +443,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune App And Browser Isolation Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -758,14 +758,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "9f667e40-8f3c-4f88-80d8-457f16906315_1" + $policyTemplateID = '9f667e40-8f3c-4f88-80d8-457f16906315_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -791,16 +791,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -828,7 +828,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/settings.json index 6f8ca8d487..17a3c28af2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/settings.json @@ -1,45 +1,44 @@ { - "resourceName": "IntuneAppAndBrowserIsolationPolicyWindows10", - "description": "This resource configures an Intune App And Browser Isolation Policy for Windows10.", - "permissions": { - "graph": { - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] + "resourceName": "IntuneAppAndBrowserIsolationPolicyWindows10", + "description": "This resource configures an Intune App And Browser Isolation Policy for Windows10.", + "permissions": { + "graph": { + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } } } } - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.psm1 index c16f87a0b1..30ee290d10 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.psm1 @@ -170,7 +170,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -412,7 +412,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune App And Browser Isolation Policy for Windows10 Config Mgr with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -443,7 +443,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune App And Browser Isolation Policy for Windows10 Config Mgr with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -758,14 +758,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "e373ebb7-c1c5-4ffb-9ce0-698f1834fd9d_1" + $policyTemplateID = 'e373ebb7-c1c5-4ffb-9ce0-698f1834fd9d_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -791,16 +791,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -828,7 +828,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/settings.json index 2bed23cd76..fbd63af993 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/settings.json @@ -1,33 +1,32 @@ { - "resourceName": "IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr", - "description": "This resource configures an Intune App And Browser Isolation Policy for Windows10 Config Mgr.", - "permissions": { - "graph": { - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] + "resourceName": "IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr", + "description": "This resource configures an Intune App And Browser Isolation Policy for Windows10 Config Mgr.", + "permissions": { + "graph": { + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } } } } - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.psm1 index 58f5f94a9d..a1cedf2a18 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.psm1 @@ -73,7 +73,7 @@ function Get-TargetResource $instance = $null if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } if ($null -eq $instance) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.psm1 index 40e6da6888..1be31cd697 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.psm1 @@ -22,7 +22,7 @@ function Get-TargetResource $PermissionActions, [Parameter()] - [ValidateSet('default','androidWorkProfile','androidDeviceOwner')] + [ValidateSet('default', 'androidWorkProfile', 'androidDeviceOwner')] [System.String] $ProfileApplicability, @@ -117,7 +117,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -150,7 +150,7 @@ function Get-TargetResource $mypermissionActions.Add('Action', $currentpermissionActions.action.toString()) } $mypermissionActions.Add('Permission', $currentpermissionActions.permission) - if ($mypermissionActions.values.Where({$null -ne $_}).count -gt 0) + if ($mypermissionActions.values.Where({ $null -ne $_ }).count -gt 0) { $complexPermissionActions += $mypermissionActions } @@ -166,7 +166,7 @@ function Get-TargetResource $mysettings.Add('AppConfigKeyType', $currentsettings.appConfigKeyType.toString()) } $mysettings.Add('AppConfigKeyValue', $currentsettings.appConfigKeyValue) - if ($mysettings.values.Where({$null -ne $_}).count -gt 0) + if ($mysettings.values.Where({ $null -ne $_ }).count -gt 0) { $complexSettings += $mysettings } @@ -276,7 +276,7 @@ function Set-TargetResource $PermissionActions, [Parameter()] - [ValidateSet('default','androidWorkProfile','androidDeviceOwner')] + [ValidateSet('default', 'androidWorkProfile', 'androidDeviceOwner')] [System.String] $ProfileApplicability, @@ -394,7 +394,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune App Configuration Device Policy with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -433,7 +433,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune App Configuration Device Policy with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -501,7 +501,7 @@ function Test-TargetResource $PermissionActions, [Parameter()] - [ValidateSet('default','androidWorkProfile','androidDeviceOwner')] + [ValidateSet('default', 'androidWorkProfile', 'androidDeviceOwner')] [System.String] $ProfileApplicability, @@ -609,7 +609,10 @@ function Test-TargetResource -Source ($source) ` -Target ($target) - if (-not $testResult) { break } + if (-not $testResult) + { + break + } $ValuesToCheck.Remove($key) | Out-Null } @@ -722,7 +725,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -783,15 +786,15 @@ function Export-TargetResource -Credential $Credential if ($Results.PermissionActions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "PermissionActions" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'PermissionActions' -IsCIMArray:$True } if ($Results.Settings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Settings" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Settings' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/readme.md index 4b94a974b9..85cf9b00a5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/readme.md @@ -3,6 +3,6 @@ ## Description -Intune App Configuration Device Policy. +Intune App Configuration Device Policy. Please note: A policy can only contain settings of its platform type and the platform type cannot be changed after creation. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/settings.json index 57be974d43..fe3c38c0d1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/settings.json @@ -1,45 +1,44 @@ { - "resourceName": "IntuneAppConfigurationDevicePolicy", - "description": "This resource configures an Intune App Configuration Device Policy.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementApps.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementApps.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ] + "resourceName": "IntuneAppConfigurationDevicePolicy", + "description": "This resource configures an Intune App Configuration Device Policy.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + } } } } - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 index 2a138b5bb1..e1d3cc0d52 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 @@ -79,11 +79,13 @@ function Get-TargetResource try { - try { + try + { $configPolicy = Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -TargetedManagedAppConfigurationId $Id ` -ErrorAction Stop } - catch { + catch + { $configPolicy = $null } @@ -106,7 +108,7 @@ function Get-TargetResource Write-Verbose -Message "No App Configuration Policy with DisplayName {$DisplayName} was found" return $nullResult } - if(([array]$configPolicy).count -gt 1) + if (([array]$configPolicy).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -133,8 +135,8 @@ function Get-TargetResource if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $returnHashtable.Add('Assignments', $returnAssignments) @@ -563,7 +565,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 index 3c9cdb0c46..f9b14c892d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 @@ -252,7 +252,7 @@ function Get-TargetResource Write-Verbose -Message "Searching for Policy using DisplayName {$DisplayName}" $policyInfoArray = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -ExpandProperty Apps, assignments ` -ErrorAction Stop -All:$true - $policyInfo = $policyInfoArray | Where-Object -FilterScript {$_.displayName -eq $DisplayName} + $policyInfo = $policyInfoArray | Where-Object -FilterScript { $_.displayName -eq $DisplayName } } if ($null -eq $policyInfo) { @@ -350,14 +350,21 @@ function Get-TargetResource } catch { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - - $nullResult = Clear-M365DSCAuthenticationParameter -BoundParameters $nullResult - return $nullResult + if ($_.Exception.Message -eq 'Multiple Policies with same displayname identified - Module currently only functions with unique names') + { + throw $_ + } + else + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + $nullResult = Clear-M365DSCAuthenticationParameter -BoundParameters $nullResult + return $nullResult + } } } @@ -1005,14 +1012,14 @@ function Test-TargetResource Write-Verbose -Message ('Unspecified Parameter in Config: ' + $param + ' Current Value Will be retained: ' + $CurrentValues.$param) } } - Write-Verbose -Message "Starting Assignments Check" + Write-Verbose -Message 'Starting Assignments Check' # handle complex parameters - manually for now if ($PSBoundParameters.keys -contains 'Assignments' ) { $targetvalues.add('Assignments', $psboundparameters.Assignments) } - Write-Verbose -Message "Starting Exluded Groups Check" + Write-Verbose -Message 'Starting Exluded Groups Check' if ($PSBoundParameters.keys -contains 'ExcludedGroups' ) { $targetvalues.add('ExcludedGroups', $psboundparameters.ExcludedGroups) @@ -1164,7 +1171,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index 8771eaf045..d0fbc61d7e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 @@ -773,7 +773,7 @@ function Set-TargetResource Update-IntuneAppProtectionPolicyiOSApp -IosManagedAppProtectionId $policy.id -Apps $myApps - Write-Verbose -Message "Updating policy assignments" + Write-Verbose -Message 'Updating policy assignments' Update-IntuneAppProtectionPolicyiOSAssignment -IosManagedAppProtectionId $policy.id -Assignments $myAssignments } elseif ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Present') @@ -1234,7 +1234,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } @@ -1293,7 +1293,7 @@ function Get-IntuneAppProtectionPolicyiOSAssignmentToHashtable foreach ($assignment in $Parameters.Assignments) { $assignmentValue = $assignment - if (-not [System.Guid]::TryParse($assignment,[System.Management.Automation.PSReference]$ObjectGuid)) + if (-not [System.Guid]::TryParse($assignment, [System.Management.Automation.PSReference]$ObjectGuid)) { $groupInfo = Get-MgGroup -Filter "DisplayName eq '$assignment'" $assignmentValue = $groupInfo.Id @@ -1308,7 +1308,7 @@ function Get-IntuneAppProtectionPolicyiOSAssignmentToHashtable foreach ($exclusion in $Parameters.Exclusions) { $assignmentValue = $exclusion - if (-not [System.Guid]::TryParse($exclusion,[System.Management.Automation.PSReference]$ObjectGuid)) + if (-not [System.Guid]::TryParse($exclusion, [System.Management.Automation.PSReference]$ObjectGuid)) { $groupInfo = Get-MgGroup -Filter "DisplayName eq '$exclusion'" $assignmentValue = $groupInfo.Id @@ -1336,7 +1336,7 @@ function Get-IntuneAppProtectionPolicyiOSAssignment try { - $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assignments" + $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assignments" $response = Invoke-MgGraphRequest -Method Get ` -Uri $Url return $response.value @@ -1367,7 +1367,7 @@ function Update-IntuneAppProtectionPolicyiOSAssignment ) try { - $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assign" + $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assign" $body = ($Assignments | ConvertTo-Json -Depth 20 -Compress) Write-Verbose -Message "Group Assignment for iOS App Protection policy with JSON payload {$Url}: `r`n$body" Invoke-MgGraphRequest -Method POST ` @@ -1401,7 +1401,7 @@ function Update-IntuneAppProtectionPolicyiOSApp try { - $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/targetApps" + $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/targetApps" # Write-Verbose -Message "Group Assignment for iOS App Protection policy with JSON payload: `r`n$JSONContent" Invoke-MgGraphRequest -Method POST ` -Uri $Url ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 index 73e8ef6abe..c5b4c9199c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 @@ -81,7 +81,7 @@ function Get-TargetResource $instance = $null if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } if ($null -eq $instance) @@ -91,34 +91,36 @@ function Get-TargetResource if ($null -eq $instance) { - Write-Verbose -Message "Apple push notification certificate." + Write-Verbose -Message 'Apple push notification certificate.' return $nullResult } } $results = @{ - Id = $instance.Id - AppleIdentifier = $instance.AppleIdentifier - - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Id = $instance.Id + AppleIdentifier = $instance.AppleIdentifier + + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } - if (-not [String]::IsNullOrEmpty($instance.Certificate)) { + if (-not [String]::IsNullOrEmpty($instance.Certificate)) + { $results.Add('Certificate', $instance.Certificate) } - else { - $results.Add('Certificate', "") + else + { + $results.Add('Certificate', '') } # Get the value of Data sharing consent between Intune and Apple. The id is hardcoded to "appleMDMPushCertificate". - $consentInstance = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId "appleMDMPushCertificate" + $consentInstance = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId 'appleMDMPushCertificate' $results.Add('DataSharingConsetGranted', $consentInstance.Granted) return [System.Collections.Hashtable] $results @@ -220,11 +222,13 @@ function Set-TargetResource # Post data sharing consent as granted between Intune and Apple. NOTE: It's a one-way operation. Once agreed, it can't be revoked. # so first check if it is $false, then make a post call to agree to the consent, this set the DataSharingConsetGranted to $true. - $consentInstance = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId "appleMDMPushCertificate" - If($consentInstance.Granted -eq $False) { - Invoke-MgGraphRequest -Method POST -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/dataSharingConsents/appleMDMPushCertificate/consentToDataSharing") -Headers @{ "Content-Type" = "application/json" } + $consentInstance = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId 'appleMDMPushCertificate' + If ($consentInstance.Granted -eq $False) + { + Invoke-MgGraphRequest -Method POST -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/dataSharingConsents/appleMDMPushCertificate/consentToDataSharing') -Headers @{ 'Content-Type' = 'application/json' } } - else { + else + { Write-Host "Data sharing conset is already granted, so it can't be revoked." } @@ -244,8 +248,8 @@ function Set-TargetResource # There is only PATCH request hence using Update cmdlet to remove the certificate by passing empty certificate as param. $params = @{ - appleIdentifier = "" - certificate = "" + appleIdentifier = '' + certificate = '' } Update-MgBetaDeviceManagementApplePushNotificationCertificate -BodyParameter $params } @@ -424,22 +428,22 @@ function Export-TargetResource Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline $Params = @{ - Id = $config.Id - AppleIdentifier = $config.AppleIdentifier - Certificate = $config.Certificate - - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Id = $config.Id + AppleIdentifier = $config.AppleIdentifier + Certificate = $config.Certificate + + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } # Get the value of Data sharing consent between Intune and Apple. The id is hardcoded to "appleMDMPushCertificate". - $consentInstance = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId "appleMDMPushCertificate" + $consentInstance = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId 'appleMDMPushCertificate' $Params.Add('DataSharingConsetGranted', $consentInstance.Granted) $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 index 3e8c8e1133..6882d2819b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 @@ -88,7 +88,7 @@ function Get-TargetResource #Retrieve policy general settings $policy = Get-MgBetaDeviceManagementIntent -All -Filter "displayName eq '$DisplayName'" -ErrorAction Stop | Where-Object -FilterScript { $_.TemplateId -eq '63be6324-e3c9-4c97-948a-e7f4b96f0f20' } - if(([array]$policy).count -gt 1) + if (([array]$policy).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -248,7 +248,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/intents' } @@ -285,7 +285,7 @@ function Set-TargetResource #region Assignments $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $appControlPolicy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $appControlPolicy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/intents' #endregion @@ -555,8 +555,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*' -or ` + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index 4f0ffe06c4..ff70777c6c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -224,8 +224,8 @@ function Get-TargetResource if ($graphAssignments.Count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $returnHashtable.Add('Assignments', $returnAssignments) @@ -860,8 +860,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*' -or ` + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 index 7ab10b8752..80a3b01f9c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 @@ -1,4 +1,5 @@ -function Get-TargetResource { +function Get-TargetResource +{ [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( @@ -91,7 +92,7 @@ function Get-TargetResource { $instance = $null if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } if ($null -eq $instance) @@ -119,20 +120,20 @@ function Get-TargetResource { } $results = @{ - Ensure = 'Present' - Id = $instance.Id - DisplayName = $instance.DisplayName - HelpUrl = $instance.HelpUrl - Issuer = $instance.Issuer.ToString() - NotificationType = $instance.NotificationType.ToString() - RenewalThresholdPercentage = $instance.RenewalThresholdPercentage - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Ensure = 'Present' + Id = $instance.Id + DisplayName = $instance.DisplayName + HelpUrl = $instance.HelpUrl + Issuer = $instance.Issuer.ToString() + NotificationType = $instance.NotificationType.ToString() + RenewalThresholdPercentage = $instance.RenewalThresholdPercentage + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results @@ -150,7 +151,8 @@ function Get-TargetResource { } } -function Set-TargetResource { +function Set-TargetResource +{ [CmdletBinding()] param ( @@ -187,7 +189,7 @@ function Set-TargetResource { [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] - $Ensure='Present', + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -252,7 +254,8 @@ function Set-TargetResource { } } -function Test-TargetResource { +function Test-TargetResource +{ [CmdletBinding()] [OutputType([System.Boolean])] param ( @@ -361,7 +364,8 @@ function Test-TargetResource { return $testResult } -function Export-TargetResource { +function Export-TargetResource +{ [CmdletBinding()] [OutputType([System.String])] param ( @@ -431,7 +435,7 @@ function Export-TargetResource { ) $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -466,20 +470,20 @@ function Export-TargetResource { Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline $params = @{ - Ensure = 'Present' - Id = $config.Id - DisplayName = $config.DisplayName - HelpUrl = $config.HelpUrl - Issuer = $config.Issuer.ToString() - NotificationType = $config.NotificationType.ToString() - RenewalThresholdPercentage = $config.RenewalThresholdPercentage - Credential = $Credential - AccessTokens = $AccessTokens - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent + Ensure = 'Present' + Id = $config.Id + DisplayName = $config.DisplayName + HelpUrl = $config.HelpUrl + Issuer = $config.Issuer.ToString() + NotificationType = $config.NotificationType.ToString() + RenewalThresholdPercentage = $config.RenewalThresholdPercentage + Credential = $Credential + AccessTokens = $AccessTokens + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json index 488bd5b384..c6b0993445 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json @@ -1,21 +1,16 @@ { - "resourceName": "IntuneDerivedCredential", - "description": "Use this resource to create new navigation property to derivedCredentials for device Management in Intune.", - - "permissions": { - "graph": { - "delegated": { - "read": [ - ], - "update": [ - ] - }, - "application": { - "read": [ - ], - "update": [ - ] - } + "resourceName": "IntuneDerivedCredential", + "description": "Use this resource to create new navigation property to derivedCredentials for device Management in Intune.", + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] } } } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 index 050cf4c1c9..d5503714c8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 @@ -416,7 +416,7 @@ function Export-TargetResource { if (-not [string]::IsNullOrEmpty($Filter)) { - Write-Warning -Message "Microsoft Graph filter is only supported for the platform on this resource. Other filters are only supported using startswith, endswith and contains and done by best-effort." + Write-Warning -Message 'Microsoft Graph filter is only supported for the platform on this resource. Other filters are only supported using startswith, endswith and contains and done by best-effort.' $complexFunctions = Get-ComplexFunctionsFromFilterQuery -FilterQuery $Filter $Filter = Remove-ComplexFunctionsFromFilterQuery -FilterQuery $Filter } @@ -477,7 +477,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 index 15fef57b4f..a7d57c5dec 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 @@ -370,7 +370,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 index b833981d34..8f3ac88c57 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 @@ -57,7 +57,7 @@ function Get-TargetResource throw [System.ArgumentException]::new('DeviceInactivityBeforeRetirementInDays must be greater than 30 and less than 270 when Enabled is set to true.') } - Write-Verbose -Message "Checking for the Intune Device Cleanup Rule" + Write-Verbose -Message 'Checking for the Intune Device Cleanup Rule' $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters @@ -78,20 +78,20 @@ function Get-TargetResource try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/managedDeviceCleanupSettings" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' $cleanupRule = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop $return = @{ - Enabled = $cleanupRule.deviceInactivityBeforeRetirementInDays -gt 0 - IsSingleInstance = 'Yes' - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Enabled = $cleanupRule.deviceInactivityBeforeRetirementInDays -gt 0 + IsSingleInstance = 'Yes' + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } if ($return.Enabled) @@ -171,7 +171,7 @@ function Set-TargetResource throw [System.ArgumentException]::new('DeviceInactivityBeforeRetirementInDays must be greater than 30 and less than 270 when Enabled is set to true.') } - Write-Verbose -Message "Updating Device Cleanup Rule" + Write-Verbose -Message 'Updating Device Cleanup Rule' $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters @@ -188,7 +188,7 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/managedDeviceCleanupSettings" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' $body = @{ DeviceInactivityBeforeRetirementInDays = "$(if ($Enabled) { $DeviceInactivityBeforeRetirementInDays } else { 0 })" } @@ -265,7 +265,7 @@ function Test-TargetResource -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of Device Cleanup Rule" + Write-Verbose -Message 'Testing configuration of Device Cleanup Rule' $CurrentValues = Get-TargetResource @PSBoundParameters @@ -274,7 +274,8 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - if ($CurrentValues.Enabled -eq $false) { + if ($CurrentValues.Enabled -eq $false) + { $ValuesToCheck.Remove('DeviceInactivityBeforeRetirementInDays') | Out-Null } @@ -339,7 +340,7 @@ function Export-TargetResource try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/managedDeviceCleanupSettings" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' [array]$cleanupRules = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop $i = 1 $dscContent = '' @@ -361,19 +362,20 @@ function Export-TargetResource Write-Host " |---[$i/$($cleanupRules.Count)] Cleanup Rule" -NoNewline $params = @{ - Enabled = $cleanupRule.deviceInactivityBeforeRetirementInDays -gt 0 - Ensure = 'Present' - IsSingleInstance = 'Yes' - Credential = $Credential - ApplicationId = $ApplicationId - ApplicationSecret = $ApplicationSecret - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Enabled = $cleanupRule.deviceInactivityBeforeRetirementInDays -gt 0 + Ensure = 'Present' + IsSingleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + ApplicationSecret = $ApplicationSecret + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } - if ($params.Enabled) { + if ($params.Enabled) + { $params.Add('DeviceInactivityBeforeRetirementInDays', $cleanupRule.deviceInactivityBeforeRetirementInDays) } @@ -395,10 +397,10 @@ function Export-TargetResource } catch { - if ($_.Exception -like "*401*" -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or - $_.Exception -like "* Unauthorized*" -or ` - $_.Exception -like "*Request not applicable to target tenant*" -or ` - $_.Exception -like "*BadRequest*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or + $_.Exception -like '* Unauthorized*' -or ` + $_.Exception -like '*Request not applicable to target tenant*' -or ` + $_.Exception -like '*BadRequest*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 index 298d4a4d6d..5d039b9697 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 @@ -190,7 +190,7 @@ function Get-TargetResource -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidCompliancePolicy' -and ` $_.displayName -eq $($DisplayName) } - if(([array]$devicePolicy).count -gt 1) + if (([array]$devicePolicy).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -243,12 +243,12 @@ function Get-TargetResource } $returnAssignments = @() - $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $results.Add('Assignments', $returnAssignments) @@ -487,7 +487,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceCompliancePolicies' } @@ -513,7 +513,7 @@ function Set-TargetResource #region Assignments $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $configDeviceAndroidPolicy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $configDeviceAndroidPolicy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceCompliancePolicies' #endregion @@ -896,7 +896,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 index 32b98e183f..6b3e74cfb3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 @@ -144,7 +144,7 @@ function Get-TargetResource $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerCompliancePolicy' -and ` $_.displayName -eq $($DisplayName) } - if(([array]$devicePolicy).count -gt 1) + if (([array]$devicePolicy).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -185,12 +185,12 @@ function Get-TargetResource } $returnAssignments = @() - $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $results.Add('Assignments', $returnAssignments) @@ -382,7 +382,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceCompliancePolicies' } @@ -410,7 +410,7 @@ function Set-TargetResource #region Assignments $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $configDeviceAndroidPolicy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $configDeviceAndroidPolicy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceCompliancePolicies' #endregion @@ -750,7 +750,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 index decf7d703b..22db00a858 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 @@ -180,7 +180,7 @@ function Get-TargetResource -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileCompliancePolicy' -and ` $_.displayName -eq $($DisplayName) } - if(([array]$devicePolicy).count -gt 1) + if (([array]$devicePolicy).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -231,12 +231,12 @@ function Get-TargetResource } $returnAssignments = @() - $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $results.Add('Assignments', $returnAssignments) @@ -464,7 +464,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceCompliancePolicies' } @@ -489,7 +489,7 @@ function Set-TargetResource #region Assignments $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $configDeviceAndroidPolicy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $configDeviceAndroidPolicy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceCompliancePolicies' #endregion @@ -859,7 +859,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 index bb853754a6..c7127f5894 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 @@ -163,7 +163,7 @@ function Get-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSCompliancePolicy' -and ` $_.displayName -eq $($DisplayName) } - if(([array]$devicePolicy).count -gt 1) + if (([array]$devicePolicy).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -209,12 +209,12 @@ function Get-TargetResource } $returnAssignments = @() - $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $results.Add('Assignments', $returnAssignments) @@ -428,7 +428,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceCompliancePolicies' } @@ -453,7 +453,7 @@ function Set-TargetResource #region Assignments $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $configDevicePolicy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $configDevicePolicy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceCompliancePolicies' #endregion @@ -812,7 +812,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 index 0d91d29151..c22933a470 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 @@ -205,7 +205,7 @@ function Get-TargetResource -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CompliancePolicy' -and ` $_.displayName -eq $($DisplayName) } - if(([array]$devicePolicy).count -gt 1) + if (([array]$devicePolicy).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -231,7 +231,7 @@ function Get-TargetResource { $myValidOperatingSystemBuildRanges.Add('Description', $currentValidOperatingSystemBuildRanges.description) } - if ($myValidOperatingSystemBuildRanges.values.Where({$null -ne $_}).Count -gt 0) + if ($myValidOperatingSystemBuildRanges.values.Where({ $null -ne $_ }).Count -gt 0) { $complexValidOperatingSystemBuildRanges += $myValidOperatingSystemBuildRanges } @@ -284,12 +284,12 @@ function Get-TargetResource } $returnAssignments = @() - $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id if ($graphAssignments.Count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $results.Add('Assignments', $returnAssignments) @@ -991,7 +991,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 index 211ae080d5..da86e30460 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 @@ -154,7 +154,7 @@ function Get-TargetResource -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosCompliancePolicy' -and ` $_.displayName -eq $($DisplayName) } - if(([array]$devicePolicy).count -gt 1) + if (([array]$devicePolicy).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -198,12 +198,12 @@ function Get-TargetResource } $returnAssignments = @() - $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $graphAssignments = Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $results.Add('Assignments', $returnAssignments) @@ -412,7 +412,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceCompliancePolicies' } @@ -442,7 +442,7 @@ function Set-TargetResource -DeviceCompliancePolicyId $configDevicePolicy.Id #region Assignments $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $configDevicePolicy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $configDevicePolicy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceCompliancePolicies' #endregion @@ -813,7 +813,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index 46671eae5f..0d5fa40465 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -104,7 +104,7 @@ function Get-TargetResource Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with DisplayName {$DisplayName}" return $nullResult } - if(([array]$getValue).count -gt 1) + if (([array]$getValue).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -243,8 +243,8 @@ function Get-TargetResource if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $results.Add('Assignments', $returnAssignments) @@ -253,7 +253,7 @@ function Get-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*') { if (Assert-M365DSCIsNonInteractiveShell) { @@ -851,7 +851,7 @@ function Export-TargetResource ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent - AccessTokens` = $AccessTokens + AccessTokens = $AccessTokens } $Results = Get-TargetResource @params @@ -937,7 +937,7 @@ function Export-TargetResource $currentDSCBlock = $currentDSCBlock.replace( " ,`r`n" , " `r`n" ) $currentDSCBlock = $currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) $currentDSCBlock = $currentDSCBlock.replace( "`r`n,`r`n" , "`r`n" ) - $currentDSCBlock = $currentDSCBlock.Replace("} Enabled = `$","}`r`n Enabled = `$") + $currentDSCBlock = $currentDSCBlock.Replace("} Enabled = `$", "}`r`n Enabled = `$") $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -950,8 +950,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*' -or ` + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json index 88bde5e09c..dc5ce1c1bd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10", "description": "This resource configures an Intune Device Configuration Administrative Template Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 index 6ba0b67424..51e53f4a99 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 @@ -86,7 +86,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -99,15 +99,15 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10CustomConfiguration" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CustomConfiguration' ` + } if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Custom Policy for Windows10 with DisplayName {$DisplayName}" return $nullResult } - if(([array]$getValue).count -gt 1) + if (([array]$getValue).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -153,7 +153,7 @@ function Get-TargetResource { $myomaSettings.Add('odataType', $currentomaSettings.'@odata.type'.toString()) } - if ($myomaSettings.values.Where({$null -ne $_}).count -gt 0) + if ($myomaSettings.values.Where({ $null -ne $_ }).count -gt 0) { $complexOmaSettings += $myomaSettings } @@ -183,8 +183,8 @@ function Get-TargetResource if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $results.Add('Assignments', $returnAssignments) @@ -198,8 +198,8 @@ function Get-TargetResource -TenantId $TenantId ` -Credential $Credential - $nullResult = Clear-M365DSCAuthenticationParameter -BoundParameters $nullResult - return $nullResult + $nullResult = Clear-M365DSCAuthenticationParameter -BoundParameters $nullResult + return $nullResult } } @@ -294,7 +294,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Custom Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -303,13 +303,13 @@ function Set-TargetResource $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10CustomConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10CustomConfiguration') foreach ($omaSetting in $CreateParameters.OmaSettings) { if ($omaSetting.'@odata.type' -ne '#microsoft.graph.omaSettingInteger') @@ -328,7 +328,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -337,7 +337,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Custom Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -347,13 +347,13 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10CustomConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10CustomConfiguration') foreach ($omaSetting in $UpdateParameters.OmaSettings) { @@ -502,7 +502,7 @@ function Test-TargetResource } } - $ValuesToCheck.remove("Id") | Out-Null + $ValuesToCheck.remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -581,7 +581,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CustomConfiguration' ` - } + } #endregion $i = 1 @@ -662,11 +662,11 @@ function Export-TargetResource if ($Results.OmaSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OmaSettings" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'OmaSettings' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -679,7 +679,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/settings.json index 1309114462..c8d6a7d4d5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationCustomPolicyWindows10", "description": "This resource configures an Intune Device Configuration Custom Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 index 2a5ed2aabd..fc55b2aea2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 @@ -106,7 +106,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -119,14 +119,14 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windowsDefenderAdvancedThreatProtectionConfiguration" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDefenderAdvancedThreatProtectionConfiguration' ` + } if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10 with DisplayName {$DisplayName}" return $nullResult } - if(([array]$getValue).count -gt 1) + if (([array]$getValue).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -164,8 +164,8 @@ function Get-TargetResource if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $results.Add('Assignments', $returnAssignments) @@ -287,13 +287,13 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10 with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters if ($AdvancedThreatProtectionAutoPopulateOnboardingBlob -and ` - $PSBoundParameters.AdvancedThreatProtectionAutoPopulateOnboardingBlob) + $PSBoundParameters.AdvancedThreatProtectionAutoPopulateOnboardingBlob) { $CreateParameters.Remove('AdvancedThreatProtectionOnboardingBlob') | Out-Null } @@ -309,13 +309,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsDefenderAdvancedThreatProtectionConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsDefenderAdvancedThreatProtectionConfiguration') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -324,13 +324,13 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters if ($AdvancedThreatProtectionAutoPopulateOnboardingBlob -and ` - $PSBoundParameters.AdvancedThreatProtectionAutoPopulateOnboardingBlob) + $PSBoundParameters.AdvancedThreatProtectionAutoPopulateOnboardingBlob) { $UpdateParameters.Remove('AdvancedThreatProtectionOnboardingBlob') | Out-Null } @@ -346,7 +346,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsDefenderAdvancedThreatProtectionConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsDefenderAdvancedThreatProtectionConfiguration') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -505,7 +505,7 @@ function Test-TargetResource $ValuesToCheck.remove('Id') | Out-Null if ($AdvancedThreatProtectionAutoPopulateOnboardingBlob -and ` - $PSBoundParameters.AdvancedThreatProtectionAutoPopulateOnboardingBlob) + $PSBoundParameters.AdvancedThreatProtectionAutoPopulateOnboardingBlob) { $ValuesToCheck.Remove('AdvancedThreatProtectionOnboardingBlob') | Out-Null } @@ -587,7 +587,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDefenderAdvancedThreatProtectionConfiguration' ` - } + } #endregion $i = 1 @@ -615,7 +615,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -653,7 +653,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -667,7 +667,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/settings.json index a9710165fc..77c265bb50 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10", "description": "This resource configures an Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 index 895103e1f0..9d52eeba74 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 @@ -153,7 +153,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -171,7 +171,7 @@ function Get-TargetResource Write-Verbose -Message "Could not find an Intune Device Configuration Delivery Optimization Policy for Windows10 with DisplayName {$DisplayName}" return $nullResult } - if(([array]$getValue).count -gt 1) + if (([array]$getValue).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -305,8 +305,8 @@ function Get-TargetResource if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $results.Add('Assignments', $returnAssignments) return [System.Collections.Hashtable] $results @@ -488,7 +488,7 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsDeliveryOptimizationConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsDeliveryOptimizationConfiguration') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments @@ -519,7 +519,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsDeliveryOptimizationConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsDeliveryOptimizationConfiguration') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -956,7 +956,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 index 56288fa130..2e55eef151 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 @@ -98,7 +98,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -111,17 +111,17 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windowsDomainJoinConfiguration" ` - } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Domain Join Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult - } - if(([array]$getValue).count -gt 1) - { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDomainJoinConfiguration' ` + } + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Domain Join Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + if (([array]$getValue).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } } } #endregion @@ -154,8 +154,8 @@ function Get-TargetResource if ($graphAssignments.count -gt 0) { $returnAssignments += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($graphAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($graphAssignments) } $results.Add('Assignments', $returnAssignments) @@ -169,8 +169,8 @@ function Get-TargetResource -TenantId $TenantId ` -Credential $Credential - $nullResult = Clear-M365DSCAuthenticationParameter -BoundParameters $nullResult - return $nullResult + $nullResult = Clear-M365DSCAuthenticationParameter -BoundParameters $nullResult + return $nullResult } } @@ -269,7 +269,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Domain Join Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -284,13 +284,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsDomainJoinConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsDomainJoinConfiguration') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -299,7 +299,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Domain Join Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -315,7 +315,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsDomainJoinConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsDomainJoinConfiguration') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -542,7 +542,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDomainJoinConfiguration' ` - } + } #endregion $i = 1 @@ -569,15 +569,15 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent + Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } @@ -608,7 +608,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -622,7 +622,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/settings.json index 7f3828149e..48831c8e53 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/settings.json @@ -1,42 +1,41 @@ { "resourceName": "IntuneDeviceConfigurationDomainJoinPolicyWindows10", "description": "This resource configures an Intune Device Configuration Domain Join Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 index ae45306b9f..aa2de10ce6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 @@ -1060,7 +1060,7 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EndpointProtectionConfiguration' + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EndpointProtectionConfiguration' } if ($null -eq $getValue) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 index 9328f6575a..795ff7ce4a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 @@ -6,107 +6,107 @@ function Get-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Bluetooth, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $BootFromBuiltInNetworkAdapters, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $BootFromExternalMedia, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Cameras, [Parameter()] - [ValidateSet('notConfiguredOnly','none')] + [ValidateSet('notConfiguredOnly', 'none')] [System.String] $ChangeUefiSettingsPermission, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $FrontCamera, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $InfraredCamera, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Microphone, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $MicrophonesAndSpeakers, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $NearFieldCommunication, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Radios, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $RearCamera, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $SdCard, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $SimultaneousMultiThreading, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $UsbTypeAPort, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $VirtualizationOfCpuAndIO, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WakeOnLAN, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WakeOnPower, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WiFi, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WindowsPlatformBinaryTable, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WirelessWideAreaNetwork, @@ -187,7 +187,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -200,8 +200,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10DeviceFirmwareConfigurationInterface" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10DeviceFirmwareConfigurationInterface' ` + } } } #endregion @@ -384,8 +384,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -410,107 +410,107 @@ function Set-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Bluetooth, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $BootFromBuiltInNetworkAdapters, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $BootFromExternalMedia, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Cameras, [Parameter()] - [ValidateSet('notConfiguredOnly','none')] + [ValidateSet('notConfiguredOnly', 'none')] [System.String] $ChangeUefiSettingsPermission, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $FrontCamera, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $InfraredCamera, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Microphone, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $MicrophonesAndSpeakers, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $NearFieldCommunication, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Radios, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $RearCamera, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $SdCard, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $SimultaneousMultiThreading, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $UsbTypeAPort, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $VirtualizationOfCpuAndIO, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WakeOnLAN, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WakeOnPower, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WiFi, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WindowsPlatformBinaryTable, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WirelessWideAreaNetwork, @@ -587,7 +587,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Firmware Interface Policy for Windows10 with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -602,13 +602,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10DeviceFirmwareConfigurationInterface") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10DeviceFirmwareConfigurationInterface') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -617,7 +617,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Firmware Interface Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -633,7 +633,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10DeviceFirmwareConfigurationInterface") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10DeviceFirmwareConfigurationInterface') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -661,107 +661,107 @@ function Test-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Bluetooth, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $BootFromBuiltInNetworkAdapters, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $BootFromExternalMedia, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Cameras, [Parameter()] - [ValidateSet('notConfiguredOnly','none')] + [ValidateSet('notConfiguredOnly', 'none')] [System.String] $ChangeUefiSettingsPermission, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $FrontCamera, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $InfraredCamera, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Microphone, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $MicrophonesAndSpeakers, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $NearFieldCommunication, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $Radios, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $RearCamera, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $SdCard, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $SimultaneousMultiThreading, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $UsbTypeAPort, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $VirtualizationOfCpuAndIO, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WakeOnLAN, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WakeOnPower, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WiFi, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WindowsPlatformBinaryTable, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $WirelessWideAreaNetwork, @@ -944,7 +944,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10DeviceFirmwareConfigurationInterface' ` - } + } #endregion $i = 1 @@ -971,16 +971,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -1005,7 +1005,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -1019,7 +1019,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/settings.json index 9e4b185543..6e88575954 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10", "description": "This resource configures an Intune Device Configuration Firmware Interface Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 index c851d3e943..8cac254daf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 @@ -96,7 +96,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -159,8 +159,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -287,7 +287,7 @@ function Set-TargetResource } $CreateParameters.ConfigDeviceHealthMonitoringScope = [String[]]$CreateParameters.ConfigDeviceHealthMonitoringScope -join ',' #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsHealthMonitoringConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsHealthMonitoringConfiguration') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments @@ -319,7 +319,7 @@ function Set-TargetResource } $UpdateParameters.ConfigDeviceHealthMonitoringScope = [String[]]$UpdateParameters.ConfigDeviceHealthMonitoringScope -join ',' #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsHealthMonitoringConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsHealthMonitoringConfiguration') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -614,7 +614,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 index 4433d7a31c..d398679977 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 @@ -141,7 +141,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -221,8 +221,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -361,7 +361,7 @@ function Set-TargetResource ) Write-Warning -Message "The resource 'IntuneDeviceConfigurationIdentityProtectionPolicyWindows10' is deprecated. It will be removed in a future release. Please use 'IntuneAccountProtectionPolicyWindows10' instead." - Write-Warning -Message "For more information, please visit https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new#consolidation-of-intune-profiles-for-identity-protection-and-account-protection-" + Write-Warning -Message 'For more information, please visit https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new#consolidation-of-intune-profiles-for-identity-protection-and-account-protection-' #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -396,7 +396,7 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsIdentityProtectionConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsIdentityProtectionConfiguration') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments @@ -427,7 +427,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsIdentityProtectionConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsIdentityProtectionConfiguration') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -767,7 +767,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 index 65c3e07e15..e0b433829b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 @@ -6,12 +6,12 @@ function Get-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('unassigned','smimeEncryption','smimeSigning','vpn','wifi')] + [ValidateSet('unassigned', 'smimeEncryption', 'smimeSigning', 'vpn', 'wifi')] [System.String] $IntendedPurpose, [Parameter()] - [ValidateSet('days','months','years')] + [ValidateSet('days', 'months', 'years')] [System.String] $CertificateValidityPeriodScale, @@ -20,7 +20,7 @@ function Get-TargetResource $CertificateValidityPeriodValue, [Parameter()] - [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp','useTpmKspOtherwiseFail','usePassportForWorkKspOtherwiseFail','useSoftwareKsp')] + [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp', 'useTpmKspOtherwiseFail', 'usePassportForWorkKspOtherwiseFail', 'useSoftwareKsp')] [System.String] $KeyStorageProvider, @@ -29,12 +29,12 @@ function Get-TargetResource $RenewalThresholdPercentage, [Parameter()] - [ValidateSet('none','emailAddress','userPrincipalName','customAzureADAttribute','domainNameService','universalResourceIdentifier')] + [ValidateSet('none', 'emailAddress', 'userPrincipalName', 'customAzureADAttribute', 'domainNameService', 'universalResourceIdentifier')] [System.String] $SubjectAlternativeNameType, [Parameter()] - [ValidateSet('commonName','commonNameIncludingEmail','commonNameAsEmail','custom','commonNameAsIMEI','commonNameAsSerialNumber','commonNameAsAadDeviceId','commonNameAsIntuneDeviceId','commonNameAsDurableDeviceId')] + [ValidateSet('commonName', 'commonNameIncludingEmail', 'commonNameAsEmail', 'custom', 'commonNameAsIMEI', 'commonNameAsSerialNumber', 'commonNameAsAadDeviceId', 'commonNameAsIntuneDeviceId', 'commonNameAsDurableDeviceId')] [System.String] $SubjectNameFormat, @@ -111,7 +111,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -124,8 +124,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10ImportedPFXCertificateProfile" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10ImportedPFXCertificateProfile' ` + } } } #endregion @@ -197,8 +197,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -223,12 +223,12 @@ function Set-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('unassigned','smimeEncryption','smimeSigning','vpn','wifi')] + [ValidateSet('unassigned', 'smimeEncryption', 'smimeSigning', 'vpn', 'wifi')] [System.String] $IntendedPurpose, [Parameter()] - [ValidateSet('days','months','years')] + [ValidateSet('days', 'months', 'years')] [System.String] $CertificateValidityPeriodScale, @@ -237,7 +237,7 @@ function Set-TargetResource $CertificateValidityPeriodValue, [Parameter()] - [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp','useTpmKspOtherwiseFail','usePassportForWorkKspOtherwiseFail','useSoftwareKsp')] + [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp', 'useTpmKspOtherwiseFail', 'usePassportForWorkKspOtherwiseFail', 'useSoftwareKsp')] [System.String] $KeyStorageProvider, @@ -246,12 +246,12 @@ function Set-TargetResource $RenewalThresholdPercentage, [Parameter()] - [ValidateSet('none','emailAddress','userPrincipalName','customAzureADAttribute','domainNameService','universalResourceIdentifier')] + [ValidateSet('none', 'emailAddress', 'userPrincipalName', 'customAzureADAttribute', 'domainNameService', 'universalResourceIdentifier')] [System.String] $SubjectAlternativeNameType, [Parameter()] - [ValidateSet('commonName','commonNameIncludingEmail','commonNameAsEmail','custom','commonNameAsIMEI','commonNameAsSerialNumber','commonNameAsAadDeviceId','commonNameAsIntuneDeviceId','commonNameAsDurableDeviceId')] + [ValidateSet('commonName', 'commonNameIncludingEmail', 'commonNameAsEmail', 'custom', 'commonNameAsIMEI', 'commonNameAsSerialNumber', 'commonNameAsAadDeviceId', 'commonNameAsIntuneDeviceId', 'commonNameAsDurableDeviceId')] [System.String] $SubjectNameFormat, @@ -324,7 +324,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Imported Pfx Certificate Policy for Windows10 with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -339,13 +339,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10ImportedPFXCertificateProfile") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10ImportedPFXCertificateProfile') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -354,7 +354,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Imported Pfx Certificate Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -370,7 +370,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10ImportedPFXCertificateProfile") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10ImportedPFXCertificateProfile') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -398,12 +398,12 @@ function Test-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('unassigned','smimeEncryption','smimeSigning','vpn','wifi')] + [ValidateSet('unassigned', 'smimeEncryption', 'smimeSigning', 'vpn', 'wifi')] [System.String] $IntendedPurpose, [Parameter()] - [ValidateSet('days','months','years')] + [ValidateSet('days', 'months', 'years')] [System.String] $CertificateValidityPeriodScale, @@ -412,7 +412,7 @@ function Test-TargetResource $CertificateValidityPeriodValue, [Parameter()] - [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp','useTpmKspOtherwiseFail','usePassportForWorkKspOtherwiseFail','useSoftwareKsp')] + [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp', 'useTpmKspOtherwiseFail', 'usePassportForWorkKspOtherwiseFail', 'useSoftwareKsp')] [System.String] $KeyStorageProvider, @@ -421,12 +421,12 @@ function Test-TargetResource $RenewalThresholdPercentage, [Parameter()] - [ValidateSet('none','emailAddress','userPrincipalName','customAzureADAttribute','domainNameService','universalResourceIdentifier')] + [ValidateSet('none', 'emailAddress', 'userPrincipalName', 'customAzureADAttribute', 'domainNameService', 'universalResourceIdentifier')] [System.String] $SubjectAlternativeNameType, [Parameter()] - [ValidateSet('commonName','commonNameIncludingEmail','commonNameAsEmail','custom','commonNameAsIMEI','commonNameAsSerialNumber','commonNameAsAadDeviceId','commonNameAsIntuneDeviceId','commonNameAsDurableDeviceId')] + [ValidateSet('commonName', 'commonNameIncludingEmail', 'commonNameAsEmail', 'custom', 'commonNameAsIMEI', 'commonNameAsSerialNumber', 'commonNameAsAadDeviceId', 'commonNameAsIntuneDeviceId', 'commonNameAsDurableDeviceId')] [System.String] $SubjectNameFormat, @@ -605,7 +605,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10ImportedPFXCertificateProfile' ` - } + } #endregion $i = 1 @@ -632,16 +632,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -666,7 +666,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -680,7 +680,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/settings.json index 7bc21f184f..f89e74a38f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10", "description": "This resource configures an Intune Device Configuration Imported Pfx Certificate Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 index 98e04fdc6b..9bae201594 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 @@ -118,7 +118,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -131,8 +131,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windowsKioskConfiguration" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsKioskConfiguration' ` + } } } #endregion @@ -183,12 +183,12 @@ function Get-TargetResource { $myApps.Add('odataType', $currentApps.'@odata.type'.toString()) } - if ($myApps.values.Where({$null -ne $_}).count -gt 0) + if ($myApps.values.Where({ $null -ne $_ }).count -gt 0) { $complexApps += $myApps } } - $complexAppConfiguration.Add('Apps',$complexApps) + $complexAppConfiguration.Add('Apps', $complexApps) $complexAppConfiguration.Add('DisallowDesktopApps', $currentkioskProfiles.appConfiguration.disallowDesktopApps) $complexAppConfiguration.Add('ShowTaskBar', $currentkioskProfiles.appConfiguration.showTaskBar) $complexAppConfiguration.Add('StartMenuLayoutXml', $currentkioskProfiles.appConfiguration.startMenuLayoutXml) @@ -221,11 +221,11 @@ function Get-TargetResource { $complexUwpApp.Add('odataType', $currentkioskProfiles.appConfiguration.uwpApp.'@odata.type'.toString()) } - if ($complexUwpApp.values.Where({$null -ne $_}).count -eq 0) + if ($complexUwpApp.values.Where({ $null -ne $_ }).count -eq 0) { $complexUwpApp = $null } - $complexAppConfiguration.Add('UwpApp',$complexUwpApp) + $complexAppConfiguration.Add('UwpApp', $complexUwpApp) $complexWin32App = @{} $complexWin32App.Add('ClassicAppPath', $currentkioskProfiles.appConfiguration.win32App.classicAppPath) $complexWin32App.Add('EdgeKiosk', $currentkioskProfiles.appConfiguration.win32App.edgeKiosk) @@ -255,20 +255,20 @@ function Get-TargetResource { $complexWin32App.Add('odataType', $currentkioskProfiles.appConfiguration.win32App.'@odata.type'.toString()) } - if ($complexWin32App.values.Where({$null -ne $_}).count -eq 0) + if ($complexWin32App.values.Where({ $null -ne $_ }).count -eq 0) { $complexWin32App = $null } - $complexAppConfiguration.Add('Win32App',$complexWin32App) + $complexAppConfiguration.Add('Win32App', $complexWin32App) if ($null -ne $currentkioskProfiles.appConfiguration.'@odata.type') { $complexAppConfiguration.Add('odataType', $currentkioskProfiles.appConfiguration.'@odata.type'.toString()) } - if ($complexAppConfiguration.values.Where({$null -ne $_}).count -eq 0) + if ($complexAppConfiguration.values.Where({ $null -ne $_ }).count -eq 0) { $complexAppConfiguration = $null } - $mykioskProfiles.Add('AppConfiguration',$complexAppConfiguration) + $mykioskProfiles.Add('AppConfiguration', $complexAppConfiguration) $mykioskProfiles.Add('ProfileId', $currentkioskProfiles.profileId) $mykioskProfiles.Add('ProfileName', $currentkioskProfiles.profileName) $complexUserAccountsConfiguration = @() @@ -285,13 +285,13 @@ function Get-TargetResource { $myUserAccountsConfiguration.Add('odataType', $currentUserAccountsConfiguration.'@odata.type'.toString()) } - if ($myUserAccountsConfiguration.values.Where({$null -ne $_}).count -gt 0) + if ($myUserAccountsConfiguration.values.Where({ $null -ne $_ }).count -gt 0) { $complexUserAccountsConfiguration += $myUserAccountsConfiguration } } - $mykioskProfiles.Add('UserAccountsConfiguration',$complexUserAccountsConfiguration) - if ($mykioskProfiles.values.Where({$null -ne $_}).count -gt 0) + $mykioskProfiles.Add('UserAccountsConfiguration', $complexUserAccountsConfiguration) + if ($mykioskProfiles.values.Where({ $null -ne $_ }).count -gt 0) { $complexKioskProfiles += $mykioskProfiles } @@ -312,7 +312,7 @@ function Get-TargetResource { $complexWindowsKioskForceUpdateSchedule.Add('StartDateTime', ([DateTimeOffset]$getValue.AdditionalProperties.windowsKioskForceUpdateSchedule.startDateTime).ToString('o')) } - if ($complexWindowsKioskForceUpdateSchedule.values.Where({$null -ne $_}).count -eq 0) + if ($complexWindowsKioskForceUpdateSchedule.values.Where({ $null -ne $_ }).count -eq 0) { $complexWindowsKioskForceUpdateSchedule = $null } @@ -349,8 +349,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -483,7 +483,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Kiosk Policy for Windows10 with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -498,13 +498,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsKioskConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsKioskConfiguration') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -513,7 +513,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Kiosk Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -529,7 +529,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsKioskConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsKioskConfiguration') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -771,7 +771,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsKioskConfiguration' ` - } + } #endregion $i = 1 @@ -798,16 +798,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -817,34 +817,34 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'KioskProfiles' + Name = 'KioskProfiles' CimInstanceName = 'MicrosoftGraphWindowsKioskProfile' - IsRequired = $False + IsRequired = $False } @{ - Name = 'AppConfiguration' + Name = 'AppConfiguration' CimInstanceName = 'MicrosoftGraphWindowsKioskAppConfiguration' - IsRequired = $False + IsRequired = $False } @{ - Name = 'Apps' + Name = 'Apps' CimInstanceName = 'MicrosoftGraphWindowsKioskAppBase' - IsRequired = $False + IsRequired = $False } @{ - Name = 'UwpApp' + Name = 'UwpApp' CimInstanceName = 'MicrosoftGraphWindowsKioskUWPApp' - IsRequired = $False + IsRequired = $False } @{ - Name = 'Win32App' + Name = 'Win32App' CimInstanceName = 'MicrosoftGraphWindowsKioskWin32App' - IsRequired = $False + IsRequired = $False } @{ - Name = 'UserAccountsConfiguration' + Name = 'UserAccountsConfiguration' CimInstanceName = 'MicrosoftGraphWindowsKioskUser' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -894,15 +894,15 @@ function Export-TargetResource -Credential $Credential if ($Results.KioskProfiles) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KioskProfiles" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'KioskProfiles' -IsCIMArray:$True } if ($Results.WindowsKioskForceUpdateSchedule) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "WindowsKioskForceUpdateSchedule" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'WindowsKioskForceUpdateSchedule' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -915,7 +915,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/settings.json index 4b9ef1bb53..20347270af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationKioskPolicyWindows10", "description": "This resource configures an Intune Device Configuration Kiosk Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 index b9c640d5de..fe0180b9b4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 @@ -98,7 +98,7 @@ function Get-TargetResource -All ` -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' } } } @@ -177,8 +177,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -533,7 +533,7 @@ function Export-TargetResource [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' } #endregion @@ -648,7 +648,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 index 9be4dcca02..b8c8708958 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 @@ -6,7 +6,7 @@ function Get-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('user','machine')] + [ValidateSet('user', 'machine')] [System.String] $CertificateStore, @@ -39,7 +39,7 @@ function Get-TargetResource $SubjectNameFormatString, [Parameter()] - [ValidateSet('days','months','years')] + [ValidateSet('days', 'months', 'years')] [System.String] $CertificateValidityPeriodScale, @@ -48,7 +48,7 @@ function Get-TargetResource $CertificateValidityPeriodValue, [Parameter()] - [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp','useTpmKspOtherwiseFail','usePassportForWorkKspOtherwiseFail','useSoftwareKsp')] + [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp', 'useTpmKspOtherwiseFail', 'usePassportForWorkKspOtherwiseFail', 'useSoftwareKsp')] [System.String] $KeyStorageProvider, @@ -57,12 +57,12 @@ function Get-TargetResource $RenewalThresholdPercentage, [Parameter()] - [ValidateSet('none','emailAddress','userPrincipalName','customAzureADAttribute','domainNameService','universalResourceIdentifier')] + [ValidateSet('none', 'emailAddress', 'userPrincipalName', 'customAzureADAttribute', 'domainNameService', 'universalResourceIdentifier')] [System.String] $SubjectAlternativeNameType, [Parameter()] - [ValidateSet('commonName','commonNameIncludingEmail','commonNameAsEmail','custom','commonNameAsIMEI','commonNameAsSerialNumber','commonNameAsAadDeviceId','commonNameAsIntuneDeviceId','commonNameAsDurableDeviceId')] + [ValidateSet('commonName', 'commonNameIncludingEmail', 'commonNameAsEmail', 'custom', 'commonNameAsIMEI', 'commonNameAsSerialNumber', 'commonNameAsAadDeviceId', 'commonNameAsIntuneDeviceId', 'commonNameAsDurableDeviceId')] [System.String] $SubjectNameFormat, @@ -139,7 +139,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -152,8 +152,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10PkcsCertificateProfile" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10PkcsCertificateProfile' ` + } } } #endregion @@ -175,7 +175,7 @@ function Get-TargetResource { $mycustomSubjectAlternativeNames.Add('SanType', $currentcustomSubjectAlternativeNames.sanType.toString()) } - if ($mycustomSubjectAlternativeNames.values.Where({$null -ne $_}).count -gt 0) + if ($mycustomSubjectAlternativeNames.values.Where({ $null -ne $_ }).count -gt 0) { $complexCustomSubjectAlternativeNames += $mycustomSubjectAlternativeNames } @@ -187,7 +187,7 @@ function Get-TargetResource $myextendedKeyUsages = @{} $myextendedKeyUsages.Add('Name', $currentextendedKeyUsages.name) $myextendedKeyUsages.Add('ObjectIdentifier', $currentextendedKeyUsages.objectIdentifier) - if ($myextendedKeyUsages.values.Where({$null -ne $_}).count -gt 0) + if ($myextendedKeyUsages.values.Where({ $null -ne $_ }).count -gt 0) { $complexExtendedKeyUsages += $myextendedKeyUsages } @@ -261,8 +261,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -287,7 +287,7 @@ function Set-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('user','machine')] + [ValidateSet('user', 'machine')] [System.String] $CertificateStore, @@ -320,7 +320,7 @@ function Set-TargetResource $SubjectNameFormatString, [Parameter()] - [ValidateSet('days','months','years')] + [ValidateSet('days', 'months', 'years')] [System.String] $CertificateValidityPeriodScale, @@ -329,7 +329,7 @@ function Set-TargetResource $CertificateValidityPeriodValue, [Parameter()] - [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp','useTpmKspOtherwiseFail','usePassportForWorkKspOtherwiseFail','useSoftwareKsp')] + [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp', 'useTpmKspOtherwiseFail', 'usePassportForWorkKspOtherwiseFail', 'useSoftwareKsp')] [System.String] $KeyStorageProvider, @@ -338,12 +338,12 @@ function Set-TargetResource $RenewalThresholdPercentage, [Parameter()] - [ValidateSet('none','emailAddress','userPrincipalName','customAzureADAttribute','domainNameService','universalResourceIdentifier')] + [ValidateSet('none', 'emailAddress', 'userPrincipalName', 'customAzureADAttribute', 'domainNameService', 'universalResourceIdentifier')] [System.String] $SubjectAlternativeNameType, [Parameter()] - [ValidateSet('commonName','commonNameIncludingEmail','commonNameAsEmail','custom','commonNameAsIMEI','commonNameAsSerialNumber','commonNameAsAadDeviceId','commonNameAsIntuneDeviceId','commonNameAsDurableDeviceId')] + [ValidateSet('commonName', 'commonNameIncludingEmail', 'commonNameAsEmail', 'custom', 'commonNameAsIMEI', 'commonNameAsSerialNumber', 'commonNameAsAadDeviceId', 'commonNameAsIntuneDeviceId', 'commonNameAsDurableDeviceId')] [System.String] $SubjectNameFormat, @@ -416,7 +416,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Pkcs Certificate Policy for Windows10 with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -431,13 +431,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10PkcsCertificateProfile") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10PkcsCertificateProfile') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -446,7 +446,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Pkcs Certificate Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -462,7 +462,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10PkcsCertificateProfile") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10PkcsCertificateProfile') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -490,7 +490,7 @@ function Test-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('user','machine')] + [ValidateSet('user', 'machine')] [System.String] $CertificateStore, @@ -523,7 +523,7 @@ function Test-TargetResource $SubjectNameFormatString, [Parameter()] - [ValidateSet('days','months','years')] + [ValidateSet('days', 'months', 'years')] [System.String] $CertificateValidityPeriodScale, @@ -532,7 +532,7 @@ function Test-TargetResource $CertificateValidityPeriodValue, [Parameter()] - [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp','useTpmKspOtherwiseFail','usePassportForWorkKspOtherwiseFail','useSoftwareKsp')] + [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp', 'useTpmKspOtherwiseFail', 'usePassportForWorkKspOtherwiseFail', 'useSoftwareKsp')] [System.String] $KeyStorageProvider, @@ -541,12 +541,12 @@ function Test-TargetResource $RenewalThresholdPercentage, [Parameter()] - [ValidateSet('none','emailAddress','userPrincipalName','customAzureADAttribute','domainNameService','universalResourceIdentifier')] + [ValidateSet('none', 'emailAddress', 'userPrincipalName', 'customAzureADAttribute', 'domainNameService', 'universalResourceIdentifier')] [System.String] $SubjectAlternativeNameType, [Parameter()] - [ValidateSet('commonName','commonNameIncludingEmail','commonNameAsEmail','custom','commonNameAsIMEI','commonNameAsSerialNumber','commonNameAsAadDeviceId','commonNameAsIntuneDeviceId','commonNameAsDurableDeviceId')] + [ValidateSet('commonName', 'commonNameIncludingEmail', 'commonNameAsEmail', 'custom', 'commonNameAsIMEI', 'commonNameAsSerialNumber', 'commonNameAsAadDeviceId', 'commonNameAsIntuneDeviceId', 'commonNameAsDurableDeviceId')] [System.String] $SubjectNameFormat, @@ -725,7 +725,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10PkcsCertificateProfile' ` - } + } #endregion $i = 1 @@ -752,16 +752,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -814,15 +814,15 @@ function Export-TargetResource -Credential $Credential if ($Results.CustomSubjectAlternativeNames) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "CustomSubjectAlternativeNames" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'CustomSubjectAlternativeNames' -IsCIMArray:$True } if ($Results.ExtendedKeyUsages) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ExtendedKeyUsages" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ExtendedKeyUsages' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -835,7 +835,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/settings.json index a89fd6923c..8bf0629651 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationPkcsCertificatePolicyWindows10", "description": "This resource configures an Intune Device Configuration Pkcs Certificate Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS.psm1 index 6bff4042fa..4c90f2ae55 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS.psm1 @@ -34,7 +34,7 @@ function Get-TargetResource $RoleScopeTagIds, [Parameter()] - [ValidateSet('system','user')] + [ValidateSet('system', 'user')] [System.String] $RunAsAccount, @@ -109,7 +109,7 @@ function Get-TargetResource #region resource generator code $getValue = Get-MgBetaDeviceManagementDeviceShellScript ` -DeviceShellScriptId $Id ` - -ExpandProperty "assignments" ` + -ExpandProperty 'assignments' ` -ErrorAction SilentlyContinue if ($null -eq $getValue) @@ -121,11 +121,11 @@ function Get-TargetResource $getValue = Get-MgBetaDeviceManagementDeviceShellScript ` -All ` -Filter "DisplayName eq '$DisplayName'" ` - -ExpandProperty "assignments" ` + -ExpandProperty 'assignments' ` -ErrorAction SilentlyContinue if ($null -ne $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceShellScript -DeviceShellScriptId $getValue.Id -ExpandProperty "assignments" + $getValue = Get-MgBetaDeviceManagementDeviceShellScript -DeviceShellScriptId $getValue.Id -ExpandProperty 'assignments' } } } @@ -175,8 +175,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -229,7 +229,7 @@ function Set-TargetResource $RoleScopeTagIds, [Parameter()] - [ValidateSet('system','user')] + [ValidateSet('system', 'user')] [System.String] $RunAsAccount, @@ -298,7 +298,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Platform Script MacOS with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -315,13 +315,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.DeviceShellScript") + $CreateParameters.Add('@odata.type', '#microsoft.graph.DeviceShellScript') $policy = New-MgBetaDeviceManagementDeviceShellScript -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.Id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.Id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.Id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceShellScripts' ` -RootIdentifier 'deviceManagementScriptAssignments' @@ -331,7 +331,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Platform Script MacOS with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -349,7 +349,7 @@ function Set-TargetResource } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.DeviceShellScript") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.DeviceShellScript') Update-MgBetaDeviceManagementDeviceShellScript ` -DeviceShellScriptId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -406,7 +406,7 @@ function Test-TargetResource $RoleScopeTagIds, [Parameter()] - [ValidateSet('system','user')] + [ValidateSet('system', 'user')] [System.String] $RunAsAccount, @@ -611,16 +611,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -645,7 +645,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/settings.json index 2e66e44c69..b08a848e79 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/settings.json @@ -1,57 +1,56 @@ { - "resourceName": "IntuneDeviceConfigurationPlatformScriptMacOS", - "description": "This resource configures an Intune Device Configuration Platform Script MacOS.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementManagedDevices.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name": "DeviceManagementManagedDevices.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementManagedDevices.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name": "DeviceManagementManagedDevices.ReadWrite.All" - } - ] + "resourceName": "IntuneDeviceConfigurationPlatformScriptMacOS", + "description": "This resource configures an Intune Device Configuration Platform Script MacOS.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementManagedDevices.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "DeviceManagementManagedDevices.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementManagedDevices.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "DeviceManagementManagedDevices.ReadWrite.All" + } + ] + } } } } - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/MSFT_IntuneDeviceConfigurationPlatformScriptWindows.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/MSFT_IntuneDeviceConfigurationPlatformScriptWindows.psm1 index 4af1d514f8..1c5729302c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/MSFT_IntuneDeviceConfigurationPlatformScriptWindows.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/MSFT_IntuneDeviceConfigurationPlatformScriptWindows.psm1 @@ -30,7 +30,7 @@ function Get-TargetResource $RunAs32Bit, [Parameter()] - [ValidateSet('system','user')] + [ValidateSet('system', 'user')] [System.String] $RunAsAccount, @@ -166,8 +166,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -216,7 +216,7 @@ function Set-TargetResource $RunAs32Bit, [Parameter()] - [ValidateSet('system','user')] + [ValidateSet('system', 'user')] [System.String] $RunAsAccount, @@ -285,7 +285,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Platform Script Windows with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -302,13 +302,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.DeviceManagementScript") + $CreateParameters.Add('@odata.type', '#microsoft.graph.DeviceManagementScript') $policy = New-MgBetaDeviceManagementScript -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.Id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.Id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.Id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceManagementScripts' ` -RootIdentifier 'deviceManagementScriptAssignments' @@ -318,7 +318,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Platform Script Windows with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -335,7 +335,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.DeviceManagementScript") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.DeviceManagementScript') Update-MgBetaDeviceManagementScript ` -DeviceManagementScriptId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -388,7 +388,7 @@ function Test-TargetResource $RunAs32Bit, [Parameter()] - [ValidateSet('system','user')] + [ValidateSet('system', 'user')] [System.String] $RunAsAccount, @@ -593,16 +593,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -627,7 +627,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/settings.json index 070e75b660..d509afdf19 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/settings.json @@ -1,17 +1,16 @@ { - "resourceName": "IntuneDeviceConfigurationPlatformScriptWindows", - "description": "This resource configures an Intune Device Configuration Platform Script Windows.", - "permissions": { - "graph": { - "delegated": { - "read": [], - "update": [] - }, - "application": { - "read": [], - "update": [] + "resourceName": "IntuneDeviceConfigurationPlatformScriptWindows", + "description": "This resource configures an Intune Device Configuration Platform Script Windows.", + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } } } } - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index f5a331ed67..97fdb3ab42 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -299,8 +299,8 @@ function Get-TargetResource if ($null -eq $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidGeneralDeviceConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidGeneralDeviceConfiguration' ` } } #endregion @@ -308,14 +308,14 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.appsHideList if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0 ) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{} - $currentHash.add('AppId',$currentValue.appid) - $currentHash.add('Publisher',$currentValue.publisher) - $currentHash.add('AppStoreUrl',$currentValue.appStoreUrl) - $currentHash.add('Name',$currentValue.name) - $currentHash.add('oDataType',$currentValue.'@odata.type') + $currentHash.add('AppId', $currentValue.appid) + $currentHash.add('Publisher', $currentValue.publisher) + $currentHash.add('AppStoreUrl', $currentValue.appStoreUrl) + $currentHash.add('Name', $currentValue.name) + $currentHash.add('oDataType', $currentValue.'@odata.type') $complexAppsHideList += $currentHash } } @@ -323,14 +323,14 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.appsLaunchBlockList if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0 ) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{} - $currentHash.add('AppId',$currentValue.appid) - $currentHash.add('Publisher',$currentValue.publisher) - $currentHash.add('AppStoreUrl',$currentValue.appStoreUrl) - $currentHash.add('Name',$currentValue.name) - $currentHash.add('oDataType',$currentValue.'@odata.type') + $currentHash.add('AppId', $currentValue.appid) + $currentHash.add('Publisher', $currentValue.publisher) + $currentHash.add('AppStoreUrl', $currentValue.appStoreUrl) + $currentHash.add('Name', $currentValue.name) + $currentHash.add('oDataType', $currentValue.'@odata.type') $complexAppsLaunchBlockList += $currentHash } } @@ -338,14 +338,14 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.appsInstallAllowList if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0 ) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{} - $currentHash.add('AppId',$currentValue.appid) - $currentHash.add('Publisher',$currentValue.publisher) - $currentHash.add('AppStoreUrl',$currentValue.appStoreUrl) - $currentHash.add('Name',$currentValue.name) - $currentHash.add('oDataType',$currentValue.'@odata.type') + $currentHash.add('AppId', $currentValue.appid) + $currentHash.add('Publisher', $currentValue.publisher) + $currentHash.add('AppStoreUrl', $currentValue.appStoreUrl) + $currentHash.add('Name', $currentValue.name) + $currentHash.add('oDataType', $currentValue.'@odata.type') $complexAppsInstallAllowList += $currentHash } } @@ -353,14 +353,14 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.compliantAppsList if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0 ) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{} - $currentHash.add('AppId',$currentValue.appid) - $currentHash.add('Publisher',$currentValue.publisher) - $currentHash.add('AppStoreUrl',$currentValue.appStoreUrl) - $currentHash.add('Name',$currentValue.name) - $currentHash.add('oDataType',$currentValue.'@odata.type') + $currentHash.add('AppId', $currentValue.appid) + $currentHash.add('Publisher', $currentValue.publisher) + $currentHash.add('AppStoreUrl', $currentValue.appStoreUrl) + $currentHash.add('Name', $currentValue.name) + $currentHash.add('oDataType', $currentValue.'@odata.type') $complexCompliantAppsList += $currentHash } } @@ -368,14 +368,14 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.kioskModeApps if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0 ) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{} - $currentHash.add('AppId',$currentValue.appid) - $currentHash.add('Publisher',$currentValue.publisher) - $currentHash.add('AppStoreUrl',$currentValue.appStoreUrl) - $currentHash.add('Name',$currentValue.name) - $currentHash.add('oDataType',$currentValue.'@odata.type') + $currentHash.add('AppId', $currentValue.appid) + $currentHash.add('Publisher', $currentValue.publisher) + $currentHash.add('AppStoreUrl', $currentValue.appStoreUrl) + $currentHash.add('Name', $currentValue.name) + $currentHash.add('oDataType', $currentValue.'@odata.type') $complexKioskModeApps += $currentHash } } @@ -464,8 +464,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -817,7 +817,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -1169,7 +1169,7 @@ function Test-TargetResource { $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` - -Target ($target) -verbose + -Target ($target) -Verbose if (-Not $testResult) { @@ -1446,7 +1446,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 index 147fbec312..20bfc55b21 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 @@ -651,8 +651,8 @@ function Get-TargetResource if (-not $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration' ` } } #endregion @@ -669,7 +669,7 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.azureAdSharedDeviceDataClearApps if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{ appId = $currentValue.appId @@ -691,10 +691,10 @@ function Get-TargetResource $currentValueArray = $currentValue.localizedMessages if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0) { - foreach($currentChildValue in $currentValueArray) + foreach ($currentChildValue in $currentValueArray) { $currentHash = @{ - Name = $currentChildValue.name + Name = $currentChildValue.name Value = $currentChildValue.value } $complexLocalizedMessages += $currentHash @@ -712,10 +712,10 @@ function Get-TargetResource $currentValueArray = $currentValue.localizedMessages if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0) { - foreach($currentChildValue in $currentValueArray) + foreach ($currentChildValue in $currentValueArray) { $currentHash = @{ - Name = $currentChildValue.name + Name = $currentChildValue.name Value = $currentChildValue.value } $complexLocalizedMessages += $currentHash @@ -739,7 +739,7 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.kioskModeApps if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{} $currentHash.add('AppId', $currentValue.appid) @@ -755,7 +755,7 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.personalProfilePersonalApplications if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{} $currentHash.add('AppId', $currentValue.appid) @@ -776,10 +776,10 @@ function Get-TargetResource $currentValueArray = $currentValue.localizedMessages if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0) { - foreach($currentChildValue in $currentValueArray) + foreach ($currentChildValue in $currentValueArray) { $currentHash = @{ - Name = $currentChildValue.name + Name = $currentChildValue.name Value = $currentChildValue.value } $complexLocalizedMessages += $currentHash @@ -792,7 +792,7 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.systemUpdateFreezePeriods if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{} $currentHash.Add('StartDay', $currentValue.startDay) @@ -958,13 +958,13 @@ function Get-TargetResource AccessTokens = $AccessTokens } - $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $getValue.Id + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $getValue.Id $assignmentResult = @() if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -972,7 +972,7 @@ function Get-TargetResource } catch { - write-verbose $_ + Write-Verbose $_ New-M365DSCLogEntry -Message 'Error retrieving data:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` @@ -1678,7 +1678,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -2394,7 +2394,7 @@ function Test-TargetResource { $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` - -Target ($target) -verbose + -Target ($target) -Verbose if (-Not $testResult) { @@ -2859,7 +2859,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index cfd134a772..a1af645dd3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -152,8 +152,8 @@ function Get-TargetResource if ($null -eq $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerDeviceConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerDeviceConfiguration' ` } } #endregion @@ -208,8 +208,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -414,7 +414,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -800,7 +800,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 index 7690798080..204910d7c5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 @@ -331,13 +331,13 @@ function Get-TargetResource AccessTokens = $AccessTokens } - $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $policy.Id + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $policy.Id $assignmentResult = @() if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -634,7 +634,7 @@ function Set-TargetResource $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -645,8 +645,8 @@ function Set-TargetResource Write-Verbose -Message "Updating existing Device Configuration Policy {$DisplayName}" $configDevicePolicy = Get-MgBetaDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' + } $PSBoundParameters.Remove('DisplayName') | Out-Null $PSBoundParameters.Remove('Description') | Out-Null @@ -670,8 +670,8 @@ function Set-TargetResource Write-Verbose -Message "Removing Device Configuration Policy {$DisplayName}" $configDevicePolicy = Get-MgBetaDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' ` + } Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $configDevicePolicy.Id } @@ -1115,7 +1115,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index 7e9fb16810..ca2c35fb20 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -340,8 +340,8 @@ function Get-TargetResource if ($null -eq $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSGeneralDeviceConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSGeneralDeviceConfiguration' ` } } @@ -440,8 +440,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -810,7 +810,7 @@ function Set-TargetResource { $CreateParameters.add('AdditionalProperties', $AdditionalProperties) }#> - $CreateParameters.Add('@odata.type','#microsoft.graph.macOSGeneralDeviceConfiguration') + $CreateParameters.Add('@odata.type', '#microsoft.graph.macOSGeneralDeviceConfiguration') #region resource generator code $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters @@ -818,7 +818,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -857,7 +857,7 @@ function Set-TargetResource { $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) }#> - $UpdateParameters.add('@odata.type','#microsoft.graph.macOSGeneralDeviceConfiguration') + $UpdateParameters.add('@odata.type', '#microsoft.graph.macOSGeneralDeviceConfiguration') #$UpdateParameters.remove('emailInDomainSuffixes') #$UpdateParameters.remove('updateDelayPolicy') @@ -1313,7 +1313,7 @@ function Export-TargetResource [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` -ErrorAction Stop | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -like "#microsoft.graph.macOS*" ` + $_.AdditionalProperties.'@odata.type' -like '#microsoft.graph.macOS*' ` } #endregion @@ -1436,7 +1436,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 index 0917511f3f..992362c18e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 @@ -1262,7 +1262,7 @@ function Get-TargetResource { $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -1984,9 +1984,9 @@ function Get-TargetResource } $rawAssignments = @() - $rawAssignments = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id -All + $rawAssignments = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id -All $assignmentResult = @() - if($null -ne $rawAssignments -and $rawAssignments.count -gt 0) + if ($null -ne $rawAssignments -and $rawAssignments.count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment -Assignments $rawAssignments } @@ -3287,14 +3287,14 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10GeneralConfiguration') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters #endregion #region new Intune assignment management if ($policy.id) { $intuneAssignments = @() - if($null -ne $Assignments -and $Assignments.count -gt 0) + if ($null -ne $Assignments -and $Assignments.count -gt 0) { $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } @@ -3326,7 +3326,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10GeneralConfiguration') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -3336,13 +3336,13 @@ function Set-TargetResource $currentAssignments += Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $currentInstance.id $intuneAssignments = @() - if($null -ne $Assignments -and $Assignments.count -gt 0) + if ($null -ne $Assignments -and $Assignments.count -gt 0) { $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } foreach ($assignment in $intuneAssignments) { - if ( $null -eq ($currentAssignments | Where-Object { $_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties."@odata.type" -eq $assignment.Target.'@odata.type' })) + if ( $null -eq ($currentAssignments | Where-Object { $_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties.'@odata.type' -eq $assignment.Target.'@odata.type' })) { New-MgBetaDeviceManagementDeviceConfigurationAssignment ` -DeviceConfigurationId $currentInstance.id ` @@ -3350,10 +3350,10 @@ function Set-TargetResource } else { - $currentAssignments = $currentAssignments | Where-Object { -not ($_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties."@odata.type" -eq $assignment.Target.'@odata.type') } + $currentAssignments = $currentAssignments | Where-Object { -not ($_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties.'@odata.type' -eq $assignment.Target.'@odata.type') } } } - if($currentAssignments.count -gt 0) + if ($currentAssignments.count -gt 0) { foreach ($assignment in $currentAssignments) { @@ -4893,7 +4893,7 @@ function Export-TargetResource #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.Replace(" ,`r`n" , " `r`n" ) $currentDSCBlock = $currentDSCBlock.Replace("`r`n;`r`n" , "`r`n" ) - $currentDSCBlock = $currentDSCBlock.Replace(",`r`n",'') + $currentDSCBlock = $currentDSCBlock.Replace(",`r`n", '') $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -4905,7 +4905,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index 662f14afe6..56f354bbd8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -844,8 +844,8 @@ function Get-TargetResource if (-not $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosGeneralDeviceConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosGeneralDeviceConfiguration' ` } } #endregion @@ -1050,31 +1050,31 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.appsSingleAppModeList if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{} - $currentHash.add('AppId',$currentValue.appid) - $currentHash.add('Publisher',$currentValue.publisher) - $currentHash.add('AppStoreUrl',$currentValue.appStoreUrl) - $currentHash.add('Name',$currentValue.name) - $currentHash.add('oDataType',$currentValue.'@odata.type') + $currentHash.add('AppId', $currentValue.appid) + $currentHash.add('Publisher', $currentValue.publisher) + $currentHash.add('AppStoreUrl', $currentValue.appStoreUrl) + $currentHash.add('Name', $currentValue.name) + $currentHash.add('oDataType', $currentValue.'@odata.type') $complexAppsSingleAppModeList += $currentHash } } $results.Add('AppsSingleAppModeList', $complexAppsSingleAppModeList) - $complexAppsVisibilityList= @() + $complexAppsVisibilityList = @() $currentValueArray = $getValue.AdditionalProperties.appsVisibilityList if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{} - $currentHash.add('AppId',$currentValue.appid) - $currentHash.add('Publisher',$currentValue.publisher) - $currentHash.add('AppStoreUrl',$currentValue.appStoreUrl) - $currentHash.add('Name',$currentValue.name) - $currentHash.add('oDataType',$currentValue.'@odata.type') + $currentHash.add('AppId', $currentValue.appid) + $currentHash.add('Publisher', $currentValue.publisher) + $currentHash.add('AppStoreUrl', $currentValue.appStoreUrl) + $currentHash.add('Name', $currentValue.name) + $currentHash.add('oDataType', $currentValue.'@odata.type') $complexAppsVisibilityList += $currentHash } } @@ -1084,14 +1084,14 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.compliantAppsList if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentHash = @{} - $currentHash.add('AppId',$currentValue.appid) - $currentHash.add('Publisher',$currentValue.publisher) - $currentHash.add('AppStoreUrl',$currentValue.appStoreUrl) - $currentHash.add('Name',$currentValue.name) - $currentHash.add('oDataType',$currentValue.'@odata.type') + $currentHash.add('AppId', $currentValue.appid) + $currentHash.add('Publisher', $currentValue.publisher) + $currentHash.add('AppStoreUrl', $currentValue.appStoreUrl) + $currentHash.add('Name', $currentValue.name) + $currentHash.add('oDataType', $currentValue.'@odata.type') $complexCompliantAppsList += $currentHash } } @@ -1110,12 +1110,12 @@ function Get-TargetResource ) foreach ($country in $ratingCountries) { - $complexMediaContentRating= @{} + $complexMediaContentRating = @{} $currentValue = $getValue.AdditionalProperties."mediaContentRating$country" if ($null -ne $currentValue) { - $complexMediaContentRating.Add('MovieRating',$currentValue.movieRating.toString()) - $complexMediaContentRating.Add('TvRating',$currentValue.tvRating.toString()) + $complexMediaContentRating.Add('MovieRating', $currentValue.movieRating.toString()) + $complexMediaContentRating.Add('TvRating', $currentValue.tvRating.toString()) } $results.Add("MediaContentRating$country", $complexMediaContentRating) } @@ -1132,27 +1132,27 @@ function Get-TargetResource $currentValueArray = $getValue.AdditionalProperties.networkUsageRules if ($null -ne $currentValueArray -and $currentValueArray.count -gt 0) { - foreach($currentValue in $currentValueArray) + foreach ($currentValue in $currentValueArray) { $currentValueHash = @{} - $currentValueHash.Add('CellularDataBlocked',$currentValue.cellularDataBlocked) - $currentValueHash.Add('CellularDataBlockWhenRoaming',$currentValue.cellularDataBlockWhenRoaming) + $currentValueHash.Add('CellularDataBlocked', $currentValue.cellularDataBlocked) + $currentValueHash.Add('CellularDataBlockWhenRoaming', $currentValue.cellularDataBlockWhenRoaming) $complexManagedApps = @() $currentValueChildArray = $currentValue.managedApps if ($null -ne $currentValueChildArray -and $currentValueChildArray.count -gt 0) { - foreach($currentChildValue in $currentValueChildArray) + foreach ($currentChildValue in $currentValueChildArray) { $currentHash = @{} - $currentHash.add('AppId',$currentValue.appid) - $currentHash.add('Publisher',$currentValue.publisher) - $currentHash.add('AppStoreUrl',$currentValue.appStoreUrl) - $currentHash.add('Name',$currentValue.name) - $currentHash.add('oDataType',$currentValue.'@odata.type') + $currentHash.add('AppId', $currentValue.appid) + $currentHash.add('Publisher', $currentValue.publisher) + $currentHash.add('AppStoreUrl', $currentValue.appStoreUrl) + $currentHash.add('Name', $currentValue.name) + $currentHash.add('oDataType', $currentValue.'@odata.type') $complexManagedApps += $currentHash } } - $currentValueHash.Add('ManagedApps',$complexManagedApps) + $currentValueHash.Add('ManagedApps', $complexManagedApps) $complexNetworkUsageRules += $currentValueHash } } @@ -1163,8 +1163,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -2061,7 +2061,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -2960,7 +2960,7 @@ function Test-TargetResource { $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` - -Target ($target) -verbose + -Target ($target) -Verbose if (-Not $testResult) { @@ -3365,7 +3365,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 index 6e478c8b13..e68a3d86bf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 @@ -6,22 +6,22 @@ function Get-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('user','machine')] + [ValidateSet('user', 'machine')] [System.String] $CertificateStore, [Parameter()] - [ValidateSet('sha1','sha2')] + [ValidateSet('sha1', 'sha2')] [System.String] $HashAlgorithm, [Parameter()] - [ValidateSet('size1024','size2048','size4096')] + [ValidateSet('size1024', 'size2048', 'size4096')] [System.String] $KeySize, [Parameter()] - [ValidateSet('keyEncipherment','digitalSignature')] + [ValidateSet('keyEncipherment', 'digitalSignature')] [System.String[]] $KeyUsage, @@ -46,7 +46,7 @@ function Get-TargetResource $ExtendedKeyUsages, [Parameter()] - [ValidateSet('days','months','years')] + [ValidateSet('days', 'months', 'years')] [System.String] $CertificateValidityPeriodScale, @@ -55,7 +55,7 @@ function Get-TargetResource $CertificateValidityPeriodValue, [Parameter()] - [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp','useTpmKspOtherwiseFail','usePassportForWorkKspOtherwiseFail','useSoftwareKsp')] + [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp', 'useTpmKspOtherwiseFail', 'usePassportForWorkKspOtherwiseFail', 'useSoftwareKsp')] [System.String] $KeyStorageProvider, @@ -64,12 +64,12 @@ function Get-TargetResource $RenewalThresholdPercentage, [Parameter()] - [ValidateSet('none','emailAddress','userPrincipalName','customAzureADAttribute','domainNameService','universalResourceIdentifier')] + [ValidateSet('none', 'emailAddress', 'userPrincipalName', 'customAzureADAttribute', 'domainNameService', 'universalResourceIdentifier')] [System.String] $SubjectAlternativeNameType, [Parameter()] - [ValidateSet('commonName','commonNameIncludingEmail','commonNameAsEmail','custom','commonNameAsIMEI','commonNameAsSerialNumber','commonNameAsAadDeviceId','commonNameAsIntuneDeviceId','commonNameAsDurableDeviceId')] + [ValidateSet('commonName', 'commonNameIncludingEmail', 'commonNameAsEmail', 'custom', 'commonNameAsIMEI', 'commonNameAsSerialNumber', 'commonNameAsAadDeviceId', 'commonNameAsIntuneDeviceId', 'commonNameAsDurableDeviceId')] [System.String] $SubjectNameFormat, @@ -154,7 +154,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -167,8 +167,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows81SCEPCertificateProfile" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81SCEPCertificateProfile' ` + } } } #endregion @@ -190,7 +190,7 @@ function Get-TargetResource { $mycustomSubjectAlternativeNames.Add('SanType', $currentcustomSubjectAlternativeNames.sanType.toString()) } - if ($mycustomSubjectAlternativeNames.values.Where({$null -ne $_}).count -gt 0) + if ($mycustomSubjectAlternativeNames.values.Where({ $null -ne $_ }).count -gt 0) { $complexCustomSubjectAlternativeNames += $mycustomSubjectAlternativeNames } @@ -202,7 +202,7 @@ function Get-TargetResource $myextendedKeyUsages = @{} $myextendedKeyUsages.Add('Name', $currentextendedKeyUsages.name) $myextendedKeyUsages.Add('ObjectIdentifier', $currentextendedKeyUsages.objectIdentifier) - if ($myextendedKeyUsages.values.Where({$null -ne $_}).count -gt 0) + if ($myextendedKeyUsages.values.Where({ $null -ne $_ }).count -gt 0) { $complexExtendedKeyUsages += $myextendedKeyUsages } @@ -301,8 +301,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -327,22 +327,22 @@ function Set-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('user','machine')] + [ValidateSet('user', 'machine')] [System.String] $CertificateStore, [Parameter()] - [ValidateSet('sha1','sha2')] + [ValidateSet('sha1', 'sha2')] [System.String] $HashAlgorithm, [Parameter()] - [ValidateSet('size1024','size2048','size4096')] + [ValidateSet('size1024', 'size2048', 'size4096')] [System.String] $KeySize, [Parameter()] - [ValidateSet('keyEncipherment','digitalSignature')] + [ValidateSet('keyEncipherment', 'digitalSignature')] [System.String[]] $KeyUsage, @@ -367,7 +367,7 @@ function Set-TargetResource $ExtendedKeyUsages, [Parameter()] - [ValidateSet('days','months','years')] + [ValidateSet('days', 'months', 'years')] [System.String] $CertificateValidityPeriodScale, @@ -376,7 +376,7 @@ function Set-TargetResource $CertificateValidityPeriodValue, [Parameter()] - [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp','useTpmKspOtherwiseFail','usePassportForWorkKspOtherwiseFail','useSoftwareKsp')] + [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp', 'useTpmKspOtherwiseFail', 'usePassportForWorkKspOtherwiseFail', 'useSoftwareKsp')] [System.String] $KeyStorageProvider, @@ -385,12 +385,12 @@ function Set-TargetResource $RenewalThresholdPercentage, [Parameter()] - [ValidateSet('none','emailAddress','userPrincipalName','customAzureADAttribute','domainNameService','universalResourceIdentifier')] + [ValidateSet('none', 'emailAddress', 'userPrincipalName', 'customAzureADAttribute', 'domainNameService', 'universalResourceIdentifier')] [System.String] $SubjectAlternativeNameType, [Parameter()] - [ValidateSet('commonName','commonNameIncludingEmail','commonNameAsEmail','custom','commonNameAsIMEI','commonNameAsSerialNumber','commonNameAsAadDeviceId','commonNameAsIntuneDeviceId','commonNameAsDurableDeviceId')] + [ValidateSet('commonName', 'commonNameIncludingEmail', 'commonNameAsEmail', 'custom', 'commonNameAsIMEI', 'commonNameAsSerialNumber', 'commonNameAsAadDeviceId', 'commonNameAsIntuneDeviceId', 'commonNameAsDurableDeviceId')] [System.String] $SubjectNameFormat, @@ -473,7 +473,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Scep Certificate Policy for Windows10 with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $BoundParameters.Remove('RootCertificateId') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() @@ -494,8 +494,8 @@ function Set-TargetResource -DeviceConfigurationId $RootCertificateId ` -ErrorAction SilentlyContinue | ` Where-Object -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows81TrustedRootCertificate" - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81TrustedRootCertificate' + } if ($null -eq $RootCertificate) { @@ -505,8 +505,8 @@ function Set-TargetResource -Filter "DisplayName eq '$RootCertificateDisplayName'" ` -ErrorAction SilentlyContinue | ` Where-Object -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows81TrustedRootCertificate" - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81TrustedRootCertificate' + } $RootCertificateId = $RootCertificate.Id if ($null -eq $RootCertificate) @@ -522,14 +522,14 @@ function Set-TargetResource } #region resource generator code - $CreateParameters.Add("rootCertificate@odata.bind", "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$RootCertificateId')") - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows81SCEPCertificateProfile") + $CreateParameters.Add('rootCertificate@odata.bind', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$RootCertificateId')") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows81SCEPCertificateProfile') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -538,7 +538,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Scep Certificate Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $BoundParameters.Remove('RootCertificateId') | Out-Null $BoundParameters.Remove('RootCertificateDisplayName') | Out-Null @@ -557,7 +557,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows81SCEPCertificateProfile") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows81SCEPCertificateProfile') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -572,8 +572,8 @@ function Set-TargetResource -DeviceConfigurationId $RootCertificateId ` -ErrorAction SilentlyContinue | ` Where-Object -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows81TrustedRootCertificate" - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81TrustedRootCertificate' + } if ($null -eq $RootCertificate) { @@ -583,8 +583,8 @@ function Set-TargetResource -Filter "DisplayName eq '$RootCertificateDisplayName'" ` -ErrorAction SilentlyContinue | ` Where-Object -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows81TrustedRootCertificate" - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81TrustedRootCertificate' + } $RootCertificateId = $RootCertificate.Id if ($null -eq $RootCertificate) @@ -620,22 +620,22 @@ function Test-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('user','machine')] + [ValidateSet('user', 'machine')] [System.String] $CertificateStore, [Parameter()] - [ValidateSet('sha1','sha2')] + [ValidateSet('sha1', 'sha2')] [System.String] $HashAlgorithm, [Parameter()] - [ValidateSet('size1024','size2048','size4096')] + [ValidateSet('size1024', 'size2048', 'size4096')] [System.String] $KeySize, [Parameter()] - [ValidateSet('keyEncipherment','digitalSignature')] + [ValidateSet('keyEncipherment', 'digitalSignature')] [System.String[]] $KeyUsage, @@ -660,7 +660,7 @@ function Test-TargetResource $ExtendedKeyUsages, [Parameter()] - [ValidateSet('days','months','years')] + [ValidateSet('days', 'months', 'years')] [System.String] $CertificateValidityPeriodScale, @@ -669,7 +669,7 @@ function Test-TargetResource $CertificateValidityPeriodValue, [Parameter()] - [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp','useTpmKspOtherwiseFail','usePassportForWorkKspOtherwiseFail','useSoftwareKsp')] + [ValidateSet('useTpmKspOtherwiseUseSoftwareKsp', 'useTpmKspOtherwiseFail', 'usePassportForWorkKspOtherwiseFail', 'useSoftwareKsp')] [System.String] $KeyStorageProvider, @@ -678,12 +678,12 @@ function Test-TargetResource $RenewalThresholdPercentage, [Parameter()] - [ValidateSet('none','emailAddress','userPrincipalName','customAzureADAttribute','domainNameService','universalResourceIdentifier')] + [ValidateSet('none', 'emailAddress', 'userPrincipalName', 'customAzureADAttribute', 'domainNameService', 'universalResourceIdentifier')] [System.String] $SubjectAlternativeNameType, [Parameter()] - [ValidateSet('commonName','commonNameIncludingEmail','commonNameAsEmail','custom','commonNameAsIMEI','commonNameAsSerialNumber','commonNameAsAadDeviceId','commonNameAsIntuneDeviceId','commonNameAsDurableDeviceId')] + [ValidateSet('commonName', 'commonNameIncludingEmail', 'commonNameAsEmail', 'custom', 'commonNameAsIMEI', 'commonNameAsSerialNumber', 'commonNameAsAadDeviceId', 'commonNameAsIntuneDeviceId', 'commonNameAsDurableDeviceId')] [System.String] $SubjectNameFormat, @@ -874,7 +874,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81SCEPCertificateProfile' ` - } + } #endregion $i = 1 @@ -901,16 +901,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -963,15 +963,15 @@ function Export-TargetResource -Credential $Credential if ($Results.CustomSubjectAlternativeNames) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "CustomSubjectAlternativeNames" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'CustomSubjectAlternativeNames' -IsCIMArray:$True } if ($Results.ExtendedKeyUsages) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ExtendedKeyUsages" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ExtendedKeyUsages' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -984,7 +984,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } @@ -1037,7 +1037,7 @@ function Update-DeviceConfigurationPolicyRootCertificateId '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$RootCertificateId')" } - Invoke-MgGraphRequest -Method PUT -Uri $Uri -Body ($ref|ConvertTo-Json) -ErrorAction Stop + Invoke-MgGraphRequest -Method PUT -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop } Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/settings.json index 85b689c6d5..fbec56293e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationScepCertificatePolicyWindows10", "description": "This resource configures an Intune Device Configuration Scep Certificate Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 index 1f0f010d8b..c69bfe70c8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 @@ -26,7 +26,7 @@ function Get-TargetResource $ConfigurationAccount, [Parameter()] - [ValidateSet('azureADAccount','domainAccount','localAccount','localGuestAccount')] + [ValidateSet('azureADAccount', 'domainAccount', 'localAccount', 'localGuestAccount')] [System.String] $ConfigurationAccountType, @@ -111,7 +111,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -124,8 +124,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10SecureAssessmentConfiguration" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10SecureAssessmentConfiguration' ` + } } } #endregion @@ -174,8 +174,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -220,7 +220,7 @@ function Set-TargetResource $ConfigurationAccount, [Parameter()] - [ValidateSet('azureADAccount','domainAccount','localAccount','localGuestAccount')] + [ValidateSet('azureADAccount', 'domainAccount', 'localAccount', 'localGuestAccount')] [System.String] $ConfigurationAccountType, @@ -301,7 +301,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Secure Assessment Policy for Windows10 with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -316,13 +316,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10SecureAssessmentConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10SecureAssessmentConfiguration') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -331,7 +331,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Secure Assessment Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -347,7 +347,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10SecureAssessmentConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10SecureAssessmentConfiguration') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -395,7 +395,7 @@ function Test-TargetResource $ConfigurationAccount, [Parameter()] - [ValidateSet('azureADAccount','domainAccount','localAccount','localGuestAccount')] + [ValidateSet('azureADAccount', 'domainAccount', 'localAccount', 'localGuestAccount')] [System.String] $ConfigurationAccountType, @@ -582,7 +582,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10SecureAssessmentConfiguration' ` - } + } #endregion $i = 1 @@ -609,16 +609,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -643,7 +643,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -657,7 +657,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/settings.json index 8812b2ccd2..987076826e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationSecureAssessmentPolicyWindows10", "description": "This resource configures an Intune Device Configuration Secure Assessment Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 index 79edae4207..41ae7f82e6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 @@ -293,8 +293,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -897,7 +897,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/settings.json index db1d9e82e6..af0d67c121 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10", "description": "This resource configures an Intune Device Configuration Shared Multi Device Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 index 66719c16c1..8b948dc3c8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 @@ -10,7 +10,7 @@ function Get-TargetResource $CertFileName, [Parameter()] - [ValidateSet('computerCertStoreRoot','computerCertStoreIntermediate','userCertStoreIntermediate')] + [ValidateSet('computerCertStoreRoot', 'computerCertStoreIntermediate', 'userCertStoreIntermediate')] [System.String] $DestinationStore, @@ -91,7 +91,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -104,8 +104,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows81TrustedRootCertificate" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81TrustedRootCertificate' ` + } } } #endregion @@ -149,8 +149,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -179,7 +179,7 @@ function Set-TargetResource $CertFileName, [Parameter()] - [ValidateSet('computerCertStoreRoot','computerCertStoreIntermediate','userCertStoreIntermediate')] + [ValidateSet('computerCertStoreRoot', 'computerCertStoreIntermediate', 'userCertStoreIntermediate')] [System.String] $DestinationStore, @@ -256,7 +256,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Trusted Certificate Policy for Windows10 with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -271,13 +271,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows81TrustedRootCertificate") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows81TrustedRootCertificate') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -286,7 +286,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Trusted Certificate Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -302,7 +302,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows81TrustedRootCertificate") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows81TrustedRootCertificate') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -334,7 +334,7 @@ function Test-TargetResource $CertFileName, [Parameter()] - [ValidateSet('computerCertStoreRoot','computerCertStoreIntermediate','userCertStoreIntermediate')] + [ValidateSet('computerCertStoreRoot', 'computerCertStoreIntermediate', 'userCertStoreIntermediate')] [System.String] $DestinationStore, @@ -517,7 +517,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81TrustedRootCertificate' ` - } + } #endregion $i = 1 @@ -544,16 +544,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -578,7 +578,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -592,7 +592,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/settings.json index 052b0d3143..f0b5956e3d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationTrustedCertificatePolicyWindows10", "description": "This resource configures an Intune Device Configuration Trusted Certificate Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 index eb4017a22d..81fd5f7ace 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 @@ -10,12 +10,12 @@ function Get-TargetResource $AssociatedApps, [Parameter()] - [ValidateSet('certificate','usernameAndPassword','customEapXml','derivedCredential')] + [ValidateSet('certificate', 'usernameAndPassword', 'customEapXml', 'derivedCredential')] [System.String] $AuthenticationMethod, [Parameter()] - [ValidateSet('pulseSecure','f5EdgeClient','dellSonicWallMobileConnect','checkPointCapsuleVpn','automatic','ikEv2','l2tp','pptp','citrix','paloAltoGlobalProtect','ciscoAnyConnect','unknownFutureValue','microsoftTunnel')] + [ValidateSet('pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'automatic', 'ikEv2', 'l2tp', 'pptp', 'citrix', 'paloAltoGlobalProtect', 'ciscoAnyConnect', 'unknownFutureValue', 'microsoftTunnel')] [System.String] $ConnectionType, @@ -68,7 +68,7 @@ function Get-TargetResource $OnlyAssociatedAppsCanUseConnection, [Parameter()] - [ValidateSet('user','device','autoPilotDevice')] + [ValidateSet('user', 'device', 'autoPilotDevice')] [System.String] $ProfileTarget, @@ -189,7 +189,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -202,8 +202,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10VpnConfiguration" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10VpnConfiguration' ` + } } } #endregion @@ -225,7 +225,7 @@ function Get-TargetResource $myassociatedApps.Add('AppType', $currentassociatedApps.appType.toString()) } $myassociatedApps.Add('Identifier', $currentassociatedApps.identifier) - if ($myassociatedApps.values.Where({$null -ne $_}).count -gt 0) + if ($myassociatedApps.values.Where({ $null -ne $_ }).count -gt 0) { $complexAssociatedApps += $myassociatedApps } @@ -256,7 +256,7 @@ function Get-TargetResource { $complexCryptographySuite.Add('PfsGroup', $getValue.AdditionalProperties.cryptographySuite.pfsGroup.toString()) } - if ($complexCryptographySuite.values.Where({$null -ne $_}).count -eq 0) + if ($complexCryptographySuite.values.Where({ $null -ne $_ }).count -eq 0) { $complexCryptographySuite = $null } @@ -270,7 +270,7 @@ function Get-TargetResource $mydnsRules.Add('Persistent', $currentdnsRules.persistent) $mydnsRules.Add('ProxyServerUri', $currentdnsRules.proxyServerUri) $mydnsRules.Add('Servers', $currentdnsRules.servers) - if ($mydnsRules.values.Where({$null -ne $_}).count -gt 0) + if ($mydnsRules.values.Where({ $null -ne $_ }).count -gt 0) { $complexDnsRules += $mydnsRules } @@ -286,7 +286,7 @@ function Get-TargetResource { $complexProxyServer.Add('odataType', $getValue.AdditionalProperties.proxyServer.'@odata.type'.toString()) } - if ($complexProxyServer.values.Where({$null -ne $_}).count -eq 0) + if ($complexProxyServer.values.Where({ $null -ne $_ }).count -eq 0) { $complexProxyServer = $null } @@ -297,7 +297,7 @@ function Get-TargetResource $myroutes = @{} $myroutes.Add('DestinationPrefix', $currentroutes.destinationPrefix) $myroutes.Add('PrefixSize', $currentroutes.prefixSize) - if ($myroutes.values.Where({$null -ne $_}).count -gt 0) + if ($myroutes.values.Where({ $null -ne $_ }).count -gt 0) { $complexRoutes += $myroutes } @@ -306,7 +306,7 @@ function Get-TargetResource $complexSingleSignOnEku = @{} $complexSingleSignOnEku.Add('Name', $getValue.AdditionalProperties.singleSignOnEku.name) $complexSingleSignOnEku.Add('ObjectIdentifier', $getValue.AdditionalProperties.singleSignOnEku.objectIdentifier) - if ($complexSingleSignOnEku.values.Where({$null -ne $_}).count -eq 0) + if ($complexSingleSignOnEku.values.Where({ $null -ne $_ }).count -eq 0) { $complexSingleSignOnEku = $null } @@ -332,24 +332,24 @@ function Get-TargetResource { $myLocalAddressRanges.Add('odataType', $currentLocalAddressRanges.'@odata.type'.toString()) } - if ($myLocalAddressRanges.values.Where({$null -ne $_}).count -gt 0) + if ($myLocalAddressRanges.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalAddressRanges += $myLocalAddressRanges } } - $mytrafficRules.Add('LocalAddressRanges',$complexLocalAddressRanges) + $mytrafficRules.Add('LocalAddressRanges', $complexLocalAddressRanges) $complexLocalPortRanges = @() foreach ($currentLocalPortRanges in $currenttrafficRules.localPortRanges) { $myLocalPortRanges = @{} $myLocalPortRanges.Add('LowerNumber', $currentLocalPortRanges.lowerNumber) $myLocalPortRanges.Add('UpperNumber', $currentLocalPortRanges.upperNumber) - if ($myLocalPortRanges.values.Where({$null -ne $_}).count -gt 0) + if ($myLocalPortRanges.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalPortRanges += $myLocalPortRanges } } - $mytrafficRules.Add('LocalPortRanges',$complexLocalPortRanges) + $mytrafficRules.Add('LocalPortRanges', $complexLocalPortRanges) $mytrafficRules.Add('Name', $currenttrafficRules.name) $mytrafficRules.Add('Protocols', $currenttrafficRules.protocols) $complexRemoteAddressRanges = @() @@ -363,24 +363,24 @@ function Get-TargetResource { $myRemoteAddressRanges.Add('odataType', $currentRemoteAddressRanges.'@odata.type'.toString()) } - if ($myRemoteAddressRanges.values.Where({$null -ne $_}).count -gt 0) + if ($myRemoteAddressRanges.values.Where({ $null -ne $_ }).count -gt 0) { $complexRemoteAddressRanges += $myRemoteAddressRanges } } - $mytrafficRules.Add('RemoteAddressRanges',$complexRemoteAddressRanges) + $mytrafficRules.Add('RemoteAddressRanges', $complexRemoteAddressRanges) $complexRemotePortRanges = @() foreach ($currentRemotePortRanges in $currenttrafficRules.remotePortRanges) { $myRemotePortRanges = @{} $myRemotePortRanges.Add('LowerNumber', $currentRemotePortRanges.lowerNumber) $myRemotePortRanges.Add('UpperNumber', $currentRemotePortRanges.upperNumber) - if ($myRemotePortRanges.values.Where({$null -ne $_}).count -gt 0) + if ($myRemotePortRanges.values.Where({ $null -ne $_ }).count -gt 0) { $complexRemotePortRanges += $myRemotePortRanges } } - $mytrafficRules.Add('RemotePortRanges',$complexRemotePortRanges) + $mytrafficRules.Add('RemotePortRanges', $complexRemotePortRanges) if ($null -ne $currenttrafficRules.routingPolicyType) { $mytrafficRules.Add('RoutingPolicyType', $currenttrafficRules.routingPolicyType.toString()) @@ -389,7 +389,7 @@ function Get-TargetResource { $mytrafficRules.Add('VpnTrafficDirection', $currenttrafficRules.vpnTrafficDirection.toString()) } - if ($mytrafficRules.values.Where({$null -ne $_}).count -gt 0) + if ($mytrafficRules.values.Where({ $null -ne $_ }).count -gt 0) { $complexTrafficRules += $mytrafficRules } @@ -402,7 +402,7 @@ function Get-TargetResource $myservers.Add('Address', $currentservers.address) $myservers.Add('Description', $currentservers.description) $myservers.Add('IsDefaultServer', $currentservers.isDefaultServer) - if ($myservers.values.Where({$null -ne $_}).count -gt 0) + if ($myservers.values.Where({ $null -ne $_ }).count -gt 0) { $complexServers += $myservers } @@ -477,8 +477,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -507,12 +507,12 @@ function Set-TargetResource $AssociatedApps, [Parameter()] - [ValidateSet('certificate','usernameAndPassword','customEapXml','derivedCredential')] + [ValidateSet('certificate', 'usernameAndPassword', 'customEapXml', 'derivedCredential')] [System.String] $AuthenticationMethod, [Parameter()] - [ValidateSet('pulseSecure','f5EdgeClient','dellSonicWallMobileConnect','checkPointCapsuleVpn','automatic','ikEv2','l2tp','pptp','citrix','paloAltoGlobalProtect','ciscoAnyConnect','unknownFutureValue','microsoftTunnel')] + [ValidateSet('pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'automatic', 'ikEv2', 'l2tp', 'pptp', 'citrix', 'paloAltoGlobalProtect', 'ciscoAnyConnect', 'unknownFutureValue', 'microsoftTunnel')] [System.String] $ConnectionType, @@ -565,7 +565,7 @@ function Set-TargetResource $OnlyAssociatedAppsCanUseConnection, [Parameter()] - [ValidateSet('user','device','autoPilotDevice')] + [ValidateSet('user', 'device', 'autoPilotDevice')] [System.String] $ProfileTarget, @@ -680,13 +680,13 @@ function Set-TargetResource $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters $keyToRename = @{ - 'odataType' = '@odata.type' + 'odataType' = '@odata.type' 'ServerCollection' = 'servers' } if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Vpn Policy for Windows10 with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters -KeyMapping $keyToRename @@ -701,13 +701,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10VpnConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10VpnConfiguration') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -716,7 +716,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Vpn Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters -KeyMapping $keyToRename @@ -732,7 +732,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10VpnConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10VpnConfiguration') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -764,12 +764,12 @@ function Test-TargetResource $AssociatedApps, [Parameter()] - [ValidateSet('certificate','usernameAndPassword','customEapXml','derivedCredential')] + [ValidateSet('certificate', 'usernameAndPassword', 'customEapXml', 'derivedCredential')] [System.String] $AuthenticationMethod, [Parameter()] - [ValidateSet('pulseSecure','f5EdgeClient','dellSonicWallMobileConnect','checkPointCapsuleVpn','automatic','ikEv2','l2tp','pptp','citrix','paloAltoGlobalProtect','ciscoAnyConnect','unknownFutureValue','microsoftTunnel')] + [ValidateSet('pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'automatic', 'ikEv2', 'l2tp', 'pptp', 'citrix', 'paloAltoGlobalProtect', 'ciscoAnyConnect', 'unknownFutureValue', 'microsoftTunnel')] [System.String] $ConnectionType, @@ -822,7 +822,7 @@ function Test-TargetResource $OnlyAssociatedAppsCanUseConnection, [Parameter()] - [ValidateSet('user','device','autoPilotDevice')] + [ValidateSet('user', 'device', 'autoPilotDevice')] [System.String] $ProfileTarget, @@ -1045,7 +1045,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10VpnConfiguration' ` - } + } #endregion $i = 1 @@ -1072,16 +1072,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -1175,29 +1175,29 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'TrafficRules' + Name = 'TrafficRules' CimInstanceName = 'MicrosoftGraphVpnTrafficRule' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalAddressRanges' + Name = 'LocalAddressRanges' CimInstanceName = 'MicrosoftGraphIPv4Range' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalPortRanges' + Name = 'LocalPortRanges' CimInstanceName = 'MicrosoftGraphNumberRange' - IsRequired = $False + IsRequired = $False } @{ - Name = 'RemoteAddressRanges' + Name = 'RemoteAddressRanges' CimInstanceName = 'MicrosoftGraphIPv4Range' - IsRequired = $False + IsRequired = $False } @{ - Name = 'RemotePortRanges' + Name = 'RemotePortRanges' CimInstanceName = 'MicrosoftGraphNumberRange' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -1247,39 +1247,39 @@ function Export-TargetResource -Credential $Credential if ($Results.AssociatedApps) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "AssociatedApps" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AssociatedApps' -IsCIMArray:$True } if ($Results.CryptographySuite) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "CryptographySuite" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'CryptographySuite' -IsCIMArray:$False } if ($Results.DnsRules) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DnsRules" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DnsRules' -IsCIMArray:$True } if ($Results.ProxyServer) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ProxyServer" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ProxyServer' -IsCIMArray:$False } if ($Results.Routes) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Routes" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Routes' -IsCIMArray:$True } if ($Results.SingleSignOnEku) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "SingleSignOnEku" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'SingleSignOnEku' -IsCIMArray:$False } if ($Results.TrafficRules) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "TrafficRules" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'TrafficRules' -IsCIMArray:$True } if ($Results.ServerCollection) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ServerCollection" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ServerCollection' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -1292,7 +1292,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } @@ -1311,4 +1311,4 @@ function Export-TargetResource } } -Export-ModuleMember -Function *-TargetResource,* +Export-ModuleMember -Function *-TargetResource, * diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/settings.json index 68a260efb4..93d32b9db2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationVpnPolicyWindows10", "description": "This resource configures an Intune Device Configuration Vpn Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 index 8bc1deb336..96758bfbf8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 @@ -38,7 +38,7 @@ function Get-TargetResource $MiracastBlocked, [Parameter()] - [ValidateSet('userDefined','one','two','three','four','five','six','seven','eight','nine','ten','eleven','thirtySix','forty','fortyFour','fortyEight','oneHundredFortyNine','oneHundredFiftyThree','oneHundredFiftySeven','oneHundredSixtyOne','oneHundredSixtyFive')] + [ValidateSet('userDefined', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine', 'ten', 'eleven', 'thirtySix', 'forty', 'fortyFour', 'fortyEight', 'oneHundredFortyNine', 'oneHundredFiftyThree', 'oneHundredFiftySeven', 'oneHundredSixtyOne', 'oneHundredSixtyFive')] [System.String] $MiracastChannel, @@ -83,7 +83,7 @@ function Get-TargetResource $WelcomeScreenBlockAutomaticWakeUp, [Parameter()] - [ValidateSet('userDefined','showOrganizerAndTimeOnly','showOrganizerAndTimeAndSubject')] + [ValidateSet('userDefined', 'showOrganizerAndTimeOnly', 'showOrganizerAndTimeAndSubject')] [System.String] $WelcomeScreenMeetingInformation, @@ -164,7 +164,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -177,8 +177,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10TeamGeneralConfiguration" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10TeamGeneralConfiguration' ` + } } } #endregion @@ -254,8 +254,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -312,7 +312,7 @@ function Set-TargetResource $MiracastBlocked, [Parameter()] - [ValidateSet('userDefined','one','two','three','four','five','six','seven','eight','nine','ten','eleven','thirtySix','forty','fortyFour','fortyEight','oneHundredFortyNine','oneHundredFiftyThree','oneHundredFiftySeven','oneHundredSixtyOne','oneHundredSixtyFive')] + [ValidateSet('userDefined', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine', 'ten', 'eleven', 'thirtySix', 'forty', 'fortyFour', 'fortyEight', 'oneHundredFortyNine', 'oneHundredFiftyThree', 'oneHundredFiftySeven', 'oneHundredSixtyOne', 'oneHundredSixtyFive')] [System.String] $MiracastChannel, @@ -357,7 +357,7 @@ function Set-TargetResource $WelcomeScreenBlockAutomaticWakeUp, [Parameter()] - [ValidateSet('userDefined','showOrganizerAndTimeOnly','showOrganizerAndTimeAndSubject')] + [ValidateSet('userDefined', 'showOrganizerAndTimeOnly', 'showOrganizerAndTimeAndSubject')] [System.String] $WelcomeScreenMeetingInformation, @@ -434,7 +434,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Windows Team Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -449,13 +449,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10TeamGeneralConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10TeamGeneralConfiguration') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -464,7 +464,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Windows Team Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -480,7 +480,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10TeamGeneralConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10TeamGeneralConfiguration') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -540,7 +540,7 @@ function Test-TargetResource $MiracastBlocked, [Parameter()] - [ValidateSet('userDefined','one','two','three','four','five','six','seven','eight','nine','ten','eleven','thirtySix','forty','fortyFour','fortyEight','oneHundredFortyNine','oneHundredFiftyThree','oneHundredFiftySeven','oneHundredSixtyOne','oneHundredSixtyFive')] + [ValidateSet('userDefined', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine', 'ten', 'eleven', 'thirtySix', 'forty', 'fortyFour', 'fortyEight', 'oneHundredFortyNine', 'oneHundredFiftyThree', 'oneHundredFiftySeven', 'oneHundredSixtyOne', 'oneHundredSixtyFive')] [System.String] $MiracastChannel, @@ -585,7 +585,7 @@ function Test-TargetResource $WelcomeScreenBlockAutomaticWakeUp, [Parameter()] - [ValidateSet('userDefined','showOrganizerAndTimeOnly','showOrganizerAndTimeAndSubject')] + [ValidateSet('userDefined', 'showOrganizerAndTimeOnly', 'showOrganizerAndTimeAndSubject')] [System.String] $WelcomeScreenMeetingInformation, @@ -768,7 +768,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10TeamGeneralConfiguration' ` - } + } #endregion $i = 1 @@ -795,16 +795,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -829,7 +829,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -843,7 +843,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/settings.json index e5bc5b667d..24fb9c88af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationWindowsTeamPolicyWindows10", "description": "This resource configures an Intune Device Configuration Windows Team Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 index 8e4c4b36a7..28a61c850c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 @@ -257,11 +257,11 @@ function Get-TargetResource } #endregion - $rootCertificateForClientValidation = Get-DeviceConfigurationPolicyCertificate -DeviceConfigurationPolicyId $getValue.Id -CertificateName rootCertificateForClientValidation - $rootCertificatesForServerValidation = Get-DeviceConfigurationPolicyCertificate -DeviceConfigurationPolicyId $getValue.Id -CertificateName rootCertificatesForServerValidation - $identityCertificateForClientAuthentication = Get-DeviceConfigurationPolicyCertificate -DeviceConfigurationPolicyId $getValue.Id -CertificateName identityCertificateForClientAuthentication + $rootCertificateForClientValidation = Get-DeviceConfigurationPolicyCertificate -DeviceConfigurationPolicyId $getValue.Id -CertificateName rootCertificateForClientValidation + $rootCertificatesForServerValidation = Get-DeviceConfigurationPolicyCertificate -DeviceConfigurationPolicyId $getValue.Id -CertificateName rootCertificatesForServerValidation + $identityCertificateForClientAuthentication = Get-DeviceConfigurationPolicyCertificate -DeviceConfigurationPolicyId $getValue.Id -CertificateName identityCertificateForClientAuthentication $secondaryIdentityCertificateForClientAuthentication = Get-DeviceConfigurationPolicyCertificate -DeviceConfigurationPolicyId $getValue.Id -CertificateName secondaryIdentityCertificateForClientAuthentication - $secondaryRootCertificateForClientValidation = Get-DeviceConfigurationPolicyCertificate -DeviceConfigurationPolicyId $getValue.Id -CertificateName secondaryRootCertificateForClientValidation + $secondaryRootCertificateForClientValidation = Get-DeviceConfigurationPolicyCertificate -DeviceConfigurationPolicyId $getValue.Id -CertificateName secondaryRootCertificateForClientValidation $results = @{ #region resource generator code @@ -313,8 +313,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -578,7 +578,7 @@ function Set-TargetResource '#microsoft.graph.windows81SCEPCertificateProfile', ` '#microsoft.graph.windows81TrustedRootCertificate', ` '#microsoft.graph.windows10PkcsCertificateProfile' ` - ) + ) $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('identityCertificateForClientAuthentication@odata.bind', $ref) } @@ -592,7 +592,7 @@ function Set-TargetResource '#microsoft.graph.windows81SCEPCertificateProfile', ` '#microsoft.graph.windows81TrustedRootCertificate', ` '#microsoft.graph.windows10PkcsCertificateProfile' ` - ) + ) $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('secondaryIdentityCertificateForClientAuthentication@odata.bind', $ref) } @@ -712,7 +712,7 @@ function Set-TargetResource '#microsoft.graph.windows81SCEPCertificateProfile', ` '#microsoft.graph.windows81TrustedRootCertificate', ` '#microsoft.graph.windows10PkcsCertificateProfile' ` - ) + ) Update-DeviceConfigurationPolicyCertificateId -DeviceConfigurationPolicyId $currentInstance.Id ` -CertificateIds $IdentityCertificateForClientAuthenticationId ` -CertificateName identityCertificateForClientAuthentication @@ -730,7 +730,7 @@ function Set-TargetResource '#microsoft.graph.windows81SCEPCertificateProfile', ` '#microsoft.graph.windows81TrustedRootCertificate', ` '#microsoft.graph.windows10PkcsCertificateProfile' ` - ) + ) Update-DeviceConfigurationPolicyCertificateId -DeviceConfigurationPolicyId $currentInstance.Id ` -CertificateIds $SecondaryIdentityCertificateForClientAuthenticationId ` -CertificateName secondaryIdentityCertificateForClientAuthentication @@ -1155,8 +1155,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Message: Location header not present in redirection response.*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Message: Location header not present in redirection response.*' -or ` + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } @@ -1195,13 +1195,13 @@ function Get-DeviceConfigurationPolicyCertificate $result = Invoke-MgGraphRequest -Method Get -Uri $Uri 4>$null return $(if ($result.value) - { - $result.value - } - else - { - $result - }) + { + $result.value + } + else + { + $result + }) } catch { @@ -1296,8 +1296,8 @@ function Get-IntuneDeviceConfigurationCertificateId -DeviceConfigurationId $CertificateId ` -ErrorAction SilentlyContinue | ` Where-Object -FilterScript { - $_.AdditionalProperties.'@odata.type' -in $OdataTypes - } + $_.AdditionalProperties.'@odata.type' -in $OdataTypes + } if ($null -eq $Certificate) { @@ -1307,8 +1307,8 @@ function Get-IntuneDeviceConfigurationCertificateId -Filter "DisplayName eq '$CertificateDisplayName'" ` -ErrorAction SilentlyContinue | ` Where-Object -FilterScript { - $_.AdditionalProperties.'@odata.type' -in $OdataTypes - } + $_.AdditionalProperties.'@odata.type' -in $OdataTypes + } if ($null -eq $Certificate) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/settings.json index 905ce1cdc7..33e5bf10e9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneDeviceConfigurationWiredNetworkPolicyWindows10", "description": "This resource configures an Intune Device Configuration Wired Network Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 index a845f318f3..cefaba98a3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 @@ -256,7 +256,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -296,10 +296,10 @@ function Get-TargetResource foreach ($currentEntry in $currentPolicyRule.entry) { $complexEntry += @{ - Type = $currentEntry.Type - Options = $currentEntry.Options - Sid = $currentEntry.Sid - AccessMask = $currentEntry.AccessMask + Type = $currentEntry.Type + Options = $currentEntry.Options + Sid = $currentEntry.Sid + AccessMask = $currentEntry.AccessMask ComputerSid = $currentEntry.ComputerSid } } @@ -610,7 +610,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Control Policy for Windows10 with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -641,7 +641,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Control Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -1042,14 +1042,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "0f2034c6-3cd6-4ee1-bd37-f3c0693e9548_1" + $policyTemplateID = '0f2034c6-3cd6-4ee1-bd37-f3c0693e9548_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -1075,16 +1075,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -1094,14 +1094,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'PolicyRule' + Name = 'PolicyRule' CimInstanceName = 'MicrosoftGraphIntuneSettingsCatalogPolicyRule' - IsRequired = $False + IsRequired = $False } @{ - Name = 'Entry' + Name = 'Entry' CimInstanceName = 'MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -1139,12 +1139,12 @@ function Export-TargetResource -Credential $Credential if ($Results.PolicyRule) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "PolicyRule" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'PolicyRule' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/settings.json index 942c440c54..1b9a0b3493 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/settings.json @@ -1,44 +1,44 @@ { - "resourceName":"IntuneDeviceControlPolicyWindows10", - "description":"This resource configures an Intune Device Control Policy for Windows10.", - "permissions":{ - "graph":{ - "delegated":{ - "read":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.Read.All" - } - ], - "update":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application":{ - "read":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.Read.All" - } - ], - "update":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } - } + "resourceName": "IntuneDeviceControlPolicyWindows10", + "description": "This resource configures an Intune Device Control Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 index ecd2b03243..de2fe908c7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 @@ -397,7 +397,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index e29b5fa2e0..f3e30f625a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -117,7 +117,7 @@ function Get-TargetResource $keys = (([Hashtable]$PSBoundParameters).Clone()).Keys foreach ($key in $keys) { - if ($null -ne $PSBoundParameters.$key -and $PSBoundParameters.$key.getType().Name -like '*cimInstance*' -and $key -like "*Restriction") + if ($null -ne $PSBoundParameters.$key -and $PSBoundParameters.$key.getType().Name -like '*cimInstance*' -and $key -like '*Restriction') { if ($DeviceEnrollmentConfigurationType -eq 'singlePlatformRestriction' ) { @@ -129,10 +129,12 @@ function Get-TargetResource try { - try { + try + { $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Identity -ErrorAction Stop } - catch { + catch + { $config = $null } @@ -141,9 +143,16 @@ function Get-TargetResource Write-Verbose -Message "Could not find an Intune Device Enrollment Platform Restriction with Id {$Identity}" $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -All -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object -FilterScript { - $_.AdditionalProperties.'@odata.type' -like "#microsoft.graph.deviceEnrollmentPlatformRestriction*Configuration" -and - $(if ($null -ne $_.AdditionalProperties.platformType) { $_.AdditionalProperties.platformType -eq $PlatformType } else { $true }) - } + $_.AdditionalProperties.'@odata.type' -like '#microsoft.graph.deviceEnrollmentPlatformRestriction*Configuration' -and + $(if ($null -ne $_.AdditionalProperties.platformType) + { + $_.AdditionalProperties.platformType -eq $PlatformType + } + else + { + $true + }) + } if ($null -eq $config) { @@ -181,8 +190,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -311,7 +320,8 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - if ($Ensure -eq 'Absent' -and $Identity -like '*_DefaultPlatformRestrictions') { + if ($Ensure -eq 'Absent' -and $Identity -like '*_DefaultPlatformRestrictions') + { throw 'Cannot delete the default platform restriction policy.' } @@ -383,7 +393,7 @@ function Set-TargetResource if ($PriorityPresent -and $Priority -ne $policy.Priority) { - $Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $policy.Id + $Uri = '/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority' -f $policy.Id $Body = @{ priority = $Priority } @@ -448,7 +458,7 @@ function Set-TargetResource if ($PriorityPresent -and $Priority -ne $currentInstance.Priority) { - $Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $currentInstance.Identity + $Uri = '/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority' -f $currentInstance.Identity $Body = @{ priority = $Priority } @@ -623,7 +633,7 @@ function Test-TargetResource #Compare basic parameters if ($testResult) { - Write-Verbose -Message "Comparing the current values with the desired ones" + Write-Verbose -Message 'Comparing the current values with the desired ones' $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -912,7 +922,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 index 8d5aec841c..f5a9a6e758 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 @@ -142,7 +142,7 @@ function Get-TargetResource $getValue = $null #region resource generator code $getValue = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Id -ErrorAction SilentlyContinue ` - | Where-Object -FilterScript {$null -ne $_.DisplayName} + | Where-Object -FilterScript { $null -ne $_.DisplayName } if ($null -eq $getValue) { @@ -156,7 +156,7 @@ function Get-TargetResource -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration' ` - } | Where-Object -FilterScript {$null -ne $_.DisplayName} + } | Where-Object -FilterScript { $null -ne $_.DisplayName } } } #endregion @@ -166,7 +166,7 @@ function Get-TargetResource return $nullResult } - if($getValue -is [Array] -and $getValue.Length -gt 1) + if ($getValue -is [Array] -and $getValue.Length -gt 1) { Throw "The DisplayName {$DisplayName} returned multiple policies, make sure DisplayName is unique." } @@ -208,8 +208,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -406,11 +406,11 @@ function Set-TargetResource $policy = New-MgBetaDeviceManagementDeviceEnrollmentConfiguration -BodyParameter $CreateParameters $intuneAssignments = @() - if($null -ne $Assignments -and $Assignments.count -gt 0) + if ($null -ne $Assignments -and $Assignments.count -gt 0) { $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } - $body = @{'enrollmentConfigurationAssignments' = $intuneAssignments} | ConvertTo-Json -Depth 100 + $body = @{'enrollmentConfigurationAssignments' = $intuneAssignments } | ConvertTo-Json -Depth 100 $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($policy.Id)/assign" Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop @@ -444,11 +444,11 @@ function Set-TargetResource if ($currentInstance.Id -notlike '*_DefaultWindows10EnrollmentCompletionPageConfiguration') { $intuneAssignments = @() - if($null -ne $Assignments -and $Assignments.count -gt 0) + if ($null -ne $Assignments -and $Assignments.count -gt 0) { $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } - $body = @{'enrollmentConfigurationAssignments' = $intuneAssignments} | ConvertTo-Json -Depth 100 + $body = @{'enrollmentConfigurationAssignments' = $intuneAssignments } | ConvertTo-Json -Depth 100 $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($currentInstance.Id)/assign" Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop @@ -793,7 +793,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 index 8fc3e91fd8..4768ea03b2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 @@ -46,7 +46,7 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Device Management Compliance Settings" + Write-Verbose -Message 'Checking for the Intune Device Management Compliance Settings' $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters @@ -142,7 +142,7 @@ function Set-TargetResource $AccessTokens ) - Write-Verbose -Message "Updating the Intune Device Management Compliance Settings" + Write-Verbose -Message 'Updating the Intune Device Management Compliance Settings' $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters @@ -226,7 +226,7 @@ function Test-TargetResource #endregion $ValuesToCheck = $PSBoundParameters - Write-Verbose -Message "Testing configuration of Intune Device Management Compliance Settings" + Write-Verbose -Message 'Testing configuration of Intune Device Management Compliance Settings' $CurrentValues = Get-TargetResource @PSBoundParameters Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" @@ -308,16 +308,16 @@ function Export-TargetResource } $Results = Get-TargetResource @params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results + -Results $Results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName + -FileName $Global:PartialExportFileName Write-Host $Global:M365DSCEmojiGreenCheckMark return $currentDSCBlock @@ -325,7 +325,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 index 8f861afc3d..d5274b53e4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 @@ -92,27 +92,28 @@ function Get-TargetResource $allSettings = Get-MgBetaDeviceManagementAndroidManagedStoreAccountEnterpriseSetting $specificSetting = $allSettings | Where-Object { $_.id -eq $Id } - if (-not $specificSetting) { + if (-not $specificSetting) + { Write-Verbose "No Android Managed Store Account Enterprise Setting found with Id $Id." return $nullResult } $result = @{ - Id = $specificSetting.id - BindStatus = $specificSetting.bindStatus + Id = $specificSetting.id + BindStatus = $specificSetting.bindStatus # OwnerUserPrincipalName = $specificSetting.ownerUserPrincipalName # OwnerOrganizationName = $specificSetting.ownerOrganizationName # EnrollmentTarget = $specificSetting.enrollmentTarget # DeviceOwnerManagementEnabled = $specificSetting.deviceOwnerManagementEnabled # AndroidDeviceOwnerFullyManagedEnrollmentEnabled = $specificSetting.androidDeviceOwnerFullyManagedEnrollmentEnabled - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return $result @@ -224,10 +225,10 @@ function Set-TargetResource $dataSharingConsent = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId 'androidManagedStore' if ($dataSharingConsent.granted -eq $false) { - Write-Verbose -Message "Consent not granted, requesting consent..." - $consentResult = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/dataSharingConsents/androidManagedStore/consentToDataSharing") -Method 'POST' -Body @{ - DataSharingConsentId = "androidManagedStore" - } -ContentType "application/json" + Write-Verbose -Message 'Consent not granted, requesting consent...' + $consentResult = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/dataSharingConsents/androidManagedStore/consentToDataSharing') -Method 'POST' -Body @{ + DataSharingConsentId = 'androidManagedStore' + } -ContentType 'application/json' } # Request enrollment signup URL if necessary @@ -242,13 +243,13 @@ function Set-TargetResource # hostName = "intune.microsoft.com" # } -ContentType "application/json" - # return $nullResult + # return $nullResult # } } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Host "Remove the Intune Device Management Android Google Play Enrollment with Id {$($currentInstance.Id)}" - $unbindResult = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/unbind") -Method 'POST' -Body @{} -ContentType "application/json" + Write-Host "Remove the Intune Device Management Android Google Play Enrollment with Id {$($currentInstance.Id)}" + $unbindResult = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/unbind') -Method 'POST' -Body @{} -ContentType 'application/json' } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 index 70fd240251..1595ccce2b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 @@ -138,13 +138,13 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Id)) { - Write-Verbose -Message "Trying to retrieve profile by Id" + Write-Verbose -Message 'Trying to retrieve profile by Id' $androidDeviceOwnerEnrollmentProfile = Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile ` -AndroidDeviceOwnerEnrollmentProfileId $Id } if ($null -eq $androidDeviceOwnerEnrollmentProfile) { - Write-Verbose -Message "Trying to retrieve profile by DisplayName" + Write-Verbose -Message 'Trying to retrieve profile by DisplayName' $androidDeviceOwnerEnrollmentProfile = Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile ` -All ` -Filter "displayName eq '$DisplayName'" ` @@ -498,12 +498,12 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" $TestResult = Test-M365DSCParameterState ` - -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys - Write-Verbose -Message "Test-TargetResource returned $TestResult" + Write-Verbose -Message "Test-TargetResource returned $TestResult" return $TestResult } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.psm1 index ec8084c59f..44044a2ca2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.psm1 @@ -18,7 +18,7 @@ function Get-TargetResource $DetectionScriptParameters, [Parameter()] - [ValidateSet('deviceHealthScript','managedInstallerScript')] + [ValidateSet('deviceHealthScript', 'managedInstallerScript')] [System.String] $DeviceHealthScriptType, @@ -55,7 +55,7 @@ function Get-TargetResource $RunAs32Bit, [Parameter()] - [ValidateSet('system','user')] + [ValidateSet('system', 'user')] [System.String] $RunAsAccount, @@ -137,8 +137,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.DeviceHealthScriptType -eq "deviceHealthScript" ` - } + $_.DeviceHealthScriptType -eq 'deviceHealthScript' ` + } if ($null -ne $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceHealthScript -DeviceHealthScriptId $getValue.Id @@ -168,7 +168,7 @@ function Get-TargetResource { $myDetectionScriptParameters.Add('odataType', $currentDetectionScriptParameters.'@odata.type'.toString()) } - if ($myDetectionScriptParameters.values.Where({$null -ne $_}).count -gt 0) + if ($myDetectionScriptParameters.values.Where({ $null -ne $_ }).count -gt 0) { $complexDetectionScriptParameters += $myDetectionScriptParameters } @@ -187,7 +187,7 @@ function Get-TargetResource { $myRemediationScriptParameters.Add('odataType', $currentRemediationScriptParameters.'@odata.type'.toString()) } - if ($myRemediationScriptParameters.values.Where({$null -ne $_}).count -gt 0) + if ($myRemediationScriptParameters.values.Where({ $null -ne $_ }).count -gt 0) { $complexRemediationScriptParameters += $myRemediationScriptParameters } @@ -250,16 +250,16 @@ function Get-TargetResource $assignmentResult += @{ RunRemediationScript = $assignment.RunRemediationScript - RunSchedule = @{ + RunSchedule = @{ DataType = $assignment.RunSchedule.AdditionalProperties.'@odata.type' - Date = $assignment.RunSchedule.AdditionalProperties.date + Date = $assignment.RunSchedule.AdditionalProperties.date Interval = $assignment.RunSchedule.Interval - Time = $time - UseUtc = $assignment.RunSchedule.AdditionalProperties.useUtc + Time = $time + UseUtc = $assignment.RunSchedule.AdditionalProperties.useUtc } - Assignment = (ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments $assignment) | Select-Object -First 1 + Assignment = (ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments $assignment) | Select-Object -First 1 } } $results.Add('Assignments', $assignmentResult) @@ -297,7 +297,7 @@ function Set-TargetResource $DetectionScriptParameters, [Parameter()] - [ValidateSet('deviceHealthScript','managedInstallerScript')] + [ValidateSet('deviceHealthScript', 'managedInstallerScript')] [System.String] $DeviceHealthScriptType, @@ -334,7 +334,7 @@ function Set-TargetResource $RunAs32Bit, [Parameter()] - [ValidateSet('system','user')] + [ValidateSet('system', 'user')] [System.String] $RunAsAccount, @@ -400,7 +400,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Remediation with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$BoundParameters).Clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -423,7 +423,8 @@ function Set-TargetResource { $assignmentTarget = ConvertTo-IntunePolicyAssignment -Assignments $assignment.Assignment $runSchedule = $null - if ($null -ne $assignment.RunSchedule.DataType) { + if ($null -ne $assignment.RunSchedule.DataType) + { $runSchedule = @{ '@odata.type' = $assignment.RunSchedule.DataType } @@ -446,8 +447,8 @@ function Set-TargetResource } $assignmentsHash += @{ runRemediationScript = $assignment.RunRemediationScript - runSchedule = $runSchedule - target = $assignmentTarget.target + runSchedule = $runSchedule + target = $assignmentTarget.target } } @@ -464,7 +465,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Remediation with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$BoundParameters).Clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -477,10 +478,10 @@ function Set-TargetResource { Write-Warning -Message "The Intune Device Remediation with Id {$($currentInstance.Id)} is a global script and only few properties can be updated." $UpdateParameters = @{ - Id = $currentInstance.Id + Id = $currentInstance.Id RoleScopeTagIds = $RoleScopeTagIds - RunAs32Bit = $RunAs32Bit - RunAsAccount = $RunAsAccount + RunAs32Bit = $RunAs32Bit + RunAsAccount = $RunAsAccount } } @@ -502,7 +503,8 @@ function Set-TargetResource { $assignmentTarget = ConvertTo-IntunePolicyAssignment -Assignments $assignment.Assignment $runSchedule = $null - if ($null -ne $assignment.RunSchedule.DataType) { + if ($null -ne $assignment.RunSchedule.DataType) + { $runSchedule = @{ '@odata.type' = $assignment.RunSchedule.DataType } @@ -525,8 +527,8 @@ function Set-TargetResource } $assignmentsHash += @{ runRemediationScript = $assignment.RunRemediationScript - runSchedule = $runSchedule - target = $assignmentTarget.target + runSchedule = $runSchedule + target = $assignmentTarget.target } } $uri = "/beta/deviceManagement/deviceHealthScripts/$($currentInstance.Id)/assign" @@ -569,7 +571,7 @@ function Test-TargetResource $DetectionScriptParameters, [Parameter()] - [ValidateSet('deviceHealthScript','managedInstallerScript')] + [ValidateSet('deviceHealthScript', 'managedInstallerScript')] [System.String] $DeviceHealthScriptType, @@ -606,7 +608,7 @@ function Test-TargetResource $RunAs32Bit, [Parameter()] - [ValidateSet('system','user')] + [ValidateSet('system', 'user')] [System.String] $RunAsAccount, @@ -703,7 +705,7 @@ function Test-TargetResource if ($CurrentValues.IsGlobalScript) { - Write-Verbose -Message "Detected a global script, removing read-only properties from the comparison" + Write-Verbose -Message 'Detected a global script, removing read-only properties from the comparison' $ValuesToCheck.Remove('DetectionScriptContent') | Out-Null $ValuesToCheck.Remove('RemediationScriptContent') | Out-Null $ValuesToCheck.Remove('DetectionScriptParameters') | Out-Null @@ -820,7 +822,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -866,14 +868,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'RunSchedule' + Name = 'RunSchedule' CimInstanceName = 'IntuneDeviceRemediationRunSchedule' - IsRequired = $false + IsRequired = $false } @{ - Name = 'Assignment' + Name = 'Assignment' CimInstanceName = 'DeviceManagementConfigurationPolicyAssignments' - IsRequired = $true + IsRequired = $true } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -897,18 +899,18 @@ function Export-TargetResource -Credential $Credential if ($Results.DetectionScriptParameters) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DetectionScriptParameters" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DetectionScriptParameters' -IsCIMArray:$True } if ($Results.RemediationScriptParameters) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "RemediationScriptParameters" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'RemediationScriptParameters' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = (Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true).Replace("''", "'") - $currentDSCBlock = [Regex]::Replace($currentDSCBlock, "Assignment = '\r\n ", "Assignment = ") - $currentDSCBlock = $currentDSCBlock.Replace("RunSchedule = '", "RunSchedule = ").Replace("}'", "}") - $currentDSCBlock = [Regex]::Replace($currentDSCBlock, "\r\n '", "") + $currentDSCBlock = (Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true).Replace("''", "'") + $currentDSCBlock = [Regex]::Replace($currentDSCBlock, "Assignment = '\r\n ", 'Assignment = ') + $currentDSCBlock = $currentDSCBlock.Replace("RunSchedule = '", 'RunSchedule = ').Replace("}'", '}') + $currentDSCBlock = [Regex]::Replace($currentDSCBlock, "\r\n '", '') } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/settings.json index d2f13930e3..62a64d4989 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/settings.json @@ -1,51 +1,50 @@ { - "resourceName": "IntuneDeviceRemediation", - "description": "This resource configures an Intune Device Remediation.", - "permissions": { - "graph": { - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] + "resourceName": "IntuneDeviceRemediation", + "description": "This resource configures an Intune Device Remediation.", + "permissions": { + "graph": { + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } } } } - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 index 71edcbbfde..282ecce2df 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 @@ -131,7 +131,7 @@ function Get-TargetResource -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` $_.TemplateId -eq 'a239407c-698d-4ef8-b314-e3ae409204b8' ` - } + } } } #endregion @@ -149,10 +149,10 @@ function Get-TargetResource -ErrorAction Stop $results = @{ - Description = $getValue.Description - DisplayName = $getValue.DisplayName - RoleScopeTagIds = $getValue.RoleScopeTagIds - Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + RoleScopeTagIds = $getValue.RoleScopeTagIds + Id = $getValue.Id } foreach ($setting in $settings) @@ -177,8 +177,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -347,7 +347,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/intents' } @@ -362,7 +362,7 @@ function Set-TargetResource throw 'AllowDeferralUntilSignOut must be $true' } - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $BoundParameters.Remove('Id') | Out-Null $BoundParameters.Remove('DisplayName') | Out-Null $BoundParameters.Remove('Description') | Out-Null @@ -655,7 +655,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.TemplateId -eq 'a239407c-698d-4ef8-b314-e3ae409204b8' ` - } + } #endregion $i = 1 @@ -683,7 +683,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -716,7 +716,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/settings.json index 404582571b..baa8340884 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/settings.json @@ -1,7 +1,7 @@ { - "resourceName": "IntuneDiskEncryptionMacOS", - "description": "This resource configures an Intune Disk Encryption for macOS.", - "permissions": { + "resourceName": "IntuneDiskEncryptionMacOS", + "description": "This resource configures an Intune Disk Encryption for macOS.", + "permissions": { "graph": { "delegated": { "read": [ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/MSFT_IntuneDiskEncryptionPDEPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/MSFT_IntuneDiskEncryptionPDEPolicyWindows10.psm1 index c58bc20a13..ae6b01ee6c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/MSFT_IntuneDiskEncryptionPDEPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/MSFT_IntuneDiskEncryptionPDEPolicyWindows10.psm1 @@ -102,7 +102,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -277,7 +277,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Disk Encryption PDE Policy for Windows10 with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -308,7 +308,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Disk Encryption PDE Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -555,14 +555,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "0b5708d9-9bc2-49a9-b4f7-ec463fcc41e0_1" + $policyTemplateID = '0b5708d9-9bc2-49a9-b4f7-ec463fcc41e0_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -588,16 +588,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -625,7 +625,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/settings.json index ff57f9891a..6dc697eb6b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/settings.json @@ -1,44 +1,44 @@ { - "resourceName":"IntuneDiskEncryptionPDEPolicyWindows10", - "description":"This resource configures an Intune Disk Encryption P D E Policy for Windows10.", - "permissions":{ - "graph":{ - "application":{ - "update":[ - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name":"Group.Read.All" - } - ], - "read":[ - { - "name":"DeviceManagementConfiguration.Read.All" - }, - { - "name":"Group.Read.All" - } - ] - }, - "delegated":{ - "update":[ - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name":"Group.Read.All" - } - ], - "read":[ - { - "name":"DeviceManagementConfiguration.Read.All" - }, - { - "name":"Group.Read.All" - } - ] - } - } - } -} \ No newline at end of file + "resourceName": "IntuneDiskEncryptionPDEPolicyWindows10", + "description": "This resource configures an Intune Disk Encryption P D E Policy for Windows10.", + "permissions": { + "graph": { + "application": { + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ], + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ] + }, + "delegated": { + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ], + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 index 744e8f6fec..5a3308a7f8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 @@ -358,7 +358,7 @@ function Get-TargetResource $templateReferenceId = '46ddfc50-d10f-4867-b852-9434254b3bff_1' $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -787,7 +787,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Disk Encryption for Windows10 with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -818,7 +818,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Disk Encryption for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -1320,14 +1320,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "46ddfc50-d10f-4867-b852-9434254b3bff_1" + $policyTemplateID = '46ddfc50-d10f-4867-b852-9434254b3bff_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -1354,7 +1354,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.Name + DisplayName = $config.Name Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -1390,7 +1390,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/settings.json index c0b019f8fb..74b65206fd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/settings.json @@ -1,41 +1,41 @@ { - "resourceName":"IntuneDiskEncryptionWindows10", - "description":"This resource configures an Intune Disk Encryption for Windows10.", - "permissions":{ - "graph":{ - "delegated":{ - "read":[ + "resourceName": "IntuneDiskEncryptionWindows10", + "description": "This resource configures an Intune Disk Encryption for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.Read.All" + "name": "DeviceManagementConfiguration.Read.All" } ], - "update":[ + "update": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.ReadWrite.All" + "name": "DeviceManagementConfiguration.ReadWrite.All" } ] }, - "application":{ - "read":[ + "application": { + "read": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.Read.All" + "name": "DeviceManagementConfiguration.Read.All" } ], - "update":[ + "update": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.ReadWrite.All" + "name": "DeviceManagementConfiguration.ReadWrite.All" } ] } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 index 5016b661fc..9a7af96373 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 @@ -91,7 +91,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -254,7 +254,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Endpoint Detection And Response Policy Linux with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -285,7 +285,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Endpoint Detection And Response Policy Linux with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -521,14 +521,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "3514388a-d4d1-4aa8-bd64-c317776008f5_1" + $policyTemplateID = '3514388a-d4d1-4aa8-bd64-c317776008f5_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -555,7 +555,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.Name + DisplayName = $config.Name Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -591,7 +591,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/settings.json index 33f7eaeed0..999f74654d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/settings.json @@ -1,44 +1,44 @@ { - "resourceName":"IntuneEndpointDetectionAndResponsePolicyLinux", - "description":"This resource configures an Intune Endpoint Detection And Response Policy Linux.", - "permissions":{ - "graph":{ - "delegated":{ - "read":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.Read.All" - } - ], - "update":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application":{ - "read":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.Read.All" - } - ], - "update":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } - } + "resourceName": "IntuneEndpointDetectionAndResponsePolicyLinux", + "description": "This resource configures an Intune Endpoint Detection And Response Policy Linux.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 index 3f4a5089cb..96d87c2a83 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 @@ -91,7 +91,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -254,7 +254,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Endpoint Detection And Response Policy MacOS with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -285,7 +285,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Endpoint Detection And Response Policy MacOS with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -521,14 +521,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "a6ff37f6-c841-4264-9249-1ecf793d94ef_1" + $policyTemplateID = 'a6ff37f6-c841-4264-9249-1ecf793d94ef_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -555,7 +555,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.Name + DisplayName = $config.Name Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -591,7 +591,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/settings.json index 73dac608fe..e02b666929 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/settings.json @@ -1,44 +1,44 @@ { - "resourceName":"IntuneEndpointDetectionAndResponsePolicyMacOS", - "description":"This resource configures an Intune Endpoint Detection And Response Policy MacOS.", - "permissions":{ - "graph":{ - "delegated":{ - "read":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.Read.All" - } - ], - "update":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application":{ - "read":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.Read.All" - } - ], - "update":[ - { - "name": "Group.Read.All" - }, - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } - } + "resourceName": "IntuneEndpointDetectionAndResponsePolicyMacOS", + "description": "This resource configures an Intune Endpoint Detection And Response Policy MacOS.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 index 1da87bb3d1..f4dde4c6ff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 @@ -315,7 +315,7 @@ function Set-TargetResource } #region resource generator code - $policy = New-MgBetaDeviceManagementConfigurationPolicy -bodyParameter $createParameters + $policy = New-MgBetaDeviceManagementConfigurationPolicy -BodyParameter $createParameters if ($policy.Id) { @@ -575,8 +575,8 @@ function Export-TargetResource -Filter $Filter ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } if ($policies.Length -eq 0) { @@ -633,7 +633,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -647,8 +647,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Unable to perform redirect as Location Header is not set in response*' -or ` + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 index 290f1129e0..73b4515c4c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 @@ -130,8 +130,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $returnHashtable.Add('Assignments', $assignmentResult) @@ -418,7 +418,7 @@ function Test-TargetResource { $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - if ($key -eq "Assignments") + if ($key -eq 'Assignments') { $testResult = Compare-M365DSCIntunePolicyAssignment ` -Source $source ` @@ -446,8 +446,8 @@ function Test-TargetResource # Ignore line breaks and carriage returns if ($testResult -and $ValuesToCheck.Contains('ExploitProtectionSettings')) { - $desired = ($ExploitProtectionSettings -replace "`r","") -replace "`n","" - $current = ($CurrentValues.ExploitProtectionSettings -replace "`r","") -replace "`n","" + $desired = ($ExploitProtectionSettings -replace "`r", '') -replace "`n", '' + $current = ($CurrentValues.ExploitProtectionSettings -replace "`r", '') -replace "`n", '' $testResult = $desired -eq $current $ValuesToCheck.Remove('ExploitProtectionSettings') | Out-Null } @@ -588,7 +588,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -603,7 +603,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 index 1cc9955b19..143dd5854a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 @@ -467,7 +467,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -1006,7 +1006,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Firewall Policy for Windows10 with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -1037,7 +1037,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Firewall Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -1649,14 +1649,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "6078910e-d808-4a9f-a51d-1b8a7bacb7c0_1" + $policyTemplateID = '6078910e-d808-4a9f-a51d-1b8a7bacb7c0_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -1682,16 +1682,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -1719,7 +1719,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/settings.json index 293b222bff..1b813d14b7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/settings.json @@ -1,45 +1,44 @@ { - "resourceName": "IntuneFirewallPolicyWindows10", - "description": "This resource configures an Intune Firewall Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ] - }, - "application": { - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ] + "resourceName": "IntuneFirewallPolicyWindows10", + "description": "This resource configures an Intune Firewall Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ] + }, + "application": { + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ] + } } } } - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/MSFT_IntuneFirewallRulesHyperVPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/MSFT_IntuneFirewallRulesHyperVPolicyWindows10.psm1 index c1cd1f57a0..79536879db 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/MSFT_IntuneFirewallRulesHyperVPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/MSFT_IntuneFirewallRulesHyperVPolicyWindows10.psm1 @@ -86,7 +86,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -128,7 +128,7 @@ function Get-TargetResource { $myFirewallRuleName.Add($key, $currentFirewallRuleName[$key]) } - if ($myFirewallRuleName.values.Where({$null -ne $_}).Count -gt 0) + if ($myFirewallRuleName.values.Where({ $null -ne $_ }).Count -gt 0) { $complexFirewallRuleName += $myFirewallRuleName } @@ -263,7 +263,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Firewall Rules Hyper-V Policy for Windows10 with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -294,7 +294,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Firewall Rules Hyper-V Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -525,14 +525,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "a5481c22-7a2a-4f59-a33e-6eee30d02f94_1" + $policyTemplateID = 'a5481c22-7a2a-4f59-a33e-6eee30d02f94_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -558,16 +558,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -608,12 +608,12 @@ function Export-TargetResource -Credential $Credential if ($Results.FirewallRuleName) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "FirewallRuleName" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallRuleName' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/settings.json index f2f3cc8cdf..6483737b9c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/settings.json @@ -1,44 +1,44 @@ { - "resourceName":"IntuneFirewallRulesHyperVPolicyWindows10", - "description":"This resource configures an Intune Firewall Rules Hyper-V Policy for Windows10.", - "permissions":{ - "graph":{ - "delegated":{ - "read":[ - { - "name":"DeviceManagementConfiguration.Read.All" - }, - { - "name":"Group.Read.All" - } - ], - "update":[ - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name":"Group.Read.All" - } - ] - }, - "application":{ - "read":[ - { - "name":"DeviceManagementConfiguration.Read.All" - }, - { - "name":"Group.Read.All" - } - ], - "update":[ - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name":"Group.Read.All" - } - ] - } - } - } -} \ No newline at end of file + "resourceName": "IntuneFirewallRulesHyperVPolicyWindows10", + "description": "This resource configures an Intune Firewall Rules Hyper-V Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/MSFT_IntuneFirewallRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/MSFT_IntuneFirewallRulesPolicyWindows10.psm1 index bf0f395f72..6fe340d3e6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/MSFT_IntuneFirewallRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/MSFT_IntuneFirewallRulesPolicyWindows10.psm1 @@ -86,7 +86,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -144,7 +144,7 @@ function Get-TargetResource $myFirewallRuleName.Add('RemoteAddressDynamicKeywords', $currentFirewallRuleName.remoteAddressDynamicKeywords) $myFirewallRuleName.Add('Protocol', $currentFirewallRuleName.protocol) $myFirewallRuleName.Add('IcmpTypesAndCodes', $currentFirewallRuleName.icmpTypesAndCodes) - if ($myFirewallRuleName.values.Where({$null -ne $_}).Count -gt 0) + if ($myFirewallRuleName.values.Where({ $null -ne $_ }).Count -gt 0) { $complexFirewallRuleName += $myFirewallRuleName } @@ -279,7 +279,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Firewall Rules Policy for Windows10 with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -310,7 +310,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Firewall Rules Policy for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -541,14 +541,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "19c8aa67-f286-4861-9aa0-f23541d31680_1" + $policyTemplateID = '19c8aa67-f286-4861-9aa0-f23541d31680_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -574,16 +574,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -624,12 +624,12 @@ function Export-TargetResource -Credential $Credential if ($Results.FirewallRuleName) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "FirewallRuleName" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallRuleName' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/settings.json index b586b4a5a3..d417bb6739 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/settings.json @@ -1,44 +1,44 @@ { - "resourceName":"IntuneFirewallRulesPolicyWindows10", - "description":"This resource configures an Intune Firewall Rules Policy for Windows10.", - "permissions":{ - "graph":{ - "delegated":{ - "read":[ - { - "name":"DeviceManagementConfiguration.Read.All" - }, - { - "name":"Group.Read.All" - } - ], - "update":[ - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name":"Group.Read.All" - } - ] - }, - "application":{ - "read":[ - { - "name":"DeviceManagementConfiguration.Read.All" - }, - { - "name":"Group.Read.All" - } - ], - "update":[ - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name":"Group.Read.All" - } - ] - } - } - } -} \ No newline at end of file + "resourceName": "IntuneFirewallRulesPolicyWindows10", + "description": "This resource configures an Intune Firewall Rules Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr.psm1 index 6ae0abfd01..652b8b094b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr.psm1 @@ -88,7 +88,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -130,7 +130,7 @@ function Get-TargetResource { $myFirewallRuleName.Add($key, $currentFirewallRuleName.$key) } - if ($myFirewallRuleName.values.Where({$null -ne $_}).Count -gt 0) + if ($myFirewallRuleName.values.Where({ $null -ne $_ }).Count -gt 0) { $complexFirewallRuleName += $myFirewallRuleName } @@ -267,7 +267,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Firewall Rules Policy for Windows10 ConfigMgr with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -298,7 +298,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Firewall Rules Policy for Windows10 ConfigMgr with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -529,14 +529,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "48da42ed-5df7-485e-8b9d-4844ed5a92bd_1" + $policyTemplateID = '48da42ed-5df7-485e-8b9d-4844ed5a92bd_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -562,16 +562,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -612,12 +612,12 @@ function Export-TargetResource -Credential $Credential if ($Results.FirewallRuleName) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "FirewallRuleName" -IsCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallRuleName' -IsCIMArray:$True } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/settings.json index 5f53802e6a..e21afc91c4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/settings.json @@ -1,44 +1,44 @@ { - "resourceName":"IntuneFirewallRulesPolicyWindows10ConfigMgr", - "description":"This resource configures an Intune Firewall Rules Policy for Windows10 ConfigMgr.", - "permissions":{ - "graph":{ - "delegated":{ - "update":[ - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name":"Group.Read.All" - } - ], - "read":[ - { - "name":"DeviceManagementConfiguration.Read.All" - }, - { - "name":"Group.Read.All" - } - ] - }, - "application":{ - "update":[ - { - "name":"DeviceManagementConfiguration.ReadWrite.All" - }, - { - "name":"Group.Read.All" - } - ], - "read":[ - { - "name":"DeviceManagementConfiguration.Read.All" - }, - { - "name":"Group.Read.All" - } - ] - } - } - } -} \ No newline at end of file + "resourceName": "IntuneFirewallRulesPolicyWindows10ConfigMgr", + "description": "This resource configures an Intune Firewall Rules Policy for Windows10 ConfigMgr.", + "permissions": { + "graph": { + "delegated": { + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ], + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ] + }, + "application": { + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ], + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 index 59278dd90c..17eef55b35 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 @@ -146,7 +146,7 @@ function Get-TargetResource try { $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $Id ` - -ExpandProperty "categories" ` + -ExpandProperty 'categories' ` -ErrorAction SilentlyContinue if ($null -eq $instance) @@ -164,7 +164,7 @@ function Get-TargetResource if ($null -ne $instance) { $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $instance.Id ` - -ExpandProperty "categories" ` + -ExpandProperty 'categories' ` -ErrorAction SilentlyContinue $Id = $instance.Id } @@ -208,7 +208,7 @@ function Get-TargetResource $complexMinimumSupportedOperatingSystem = @{} if ($null -ne $instance.AdditionalProperties.minimumSupportedOperatingSystem) { - $instance.AdditionalProperties.minimumSupportedOperatingSystem.GetEnumerator() | Foreach-Object { + $instance.AdditionalProperties.minimumSupportedOperatingSystem.GetEnumerator() | ForEach-Object { if ($_.Value) # Values are either true or false. Only export the true value. { $complexMinimumSupportedOperatingSystem.Add($_.Key, $_.Value) @@ -253,8 +253,8 @@ function Get-TargetResource if ($null -ne $appAssignments -and $appAssignments.count -gt 0) { $resultAssignments += ConvertFrom-IntuneMobileAppAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($appAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($appAssignments) } $results.Add('Assignments', $resultAssignments) @@ -485,8 +485,22 @@ function Set-TargetResource $UpdateParameters.Add('@odata.type', '#microsoft.graph.macOSLobApp') Update-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id -BodyParameter $UpdateParameters - [array]$referenceObject = if ($null -ne $currentInstance.Categories.DisplayName) { $currentInstance.Categories.DisplayName } else { ,@() } - [array]$differenceObject = if ($null -ne $Categories.DisplayName) { $Categories.DisplayName } else { ,@() } + [array]$referenceObject = if ($null -ne $currentInstance.Categories.DisplayName) + { + $currentInstance.Categories.DisplayName + } + else + { + , @() + } + [array]$differenceObject = if ($null -ne $Categories.DisplayName) + { + $Categories.DisplayName + } + else + { + , @() + } $delta = Compare-Object -ReferenceObject $referenceObject -DifferenceObject $differenceObject -PassThru foreach ($diff in $delta) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 index 7979ebe48b..ae5cde27a3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 @@ -163,7 +163,7 @@ function Get-TargetResource try { $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $Id ` - -ExpandProperty "categories" ` + -ExpandProperty 'categories' ` -ErrorAction SilentlyContinue if ($null -eq $instance) @@ -181,7 +181,7 @@ function Get-TargetResource if ($null -ne $instance) { $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $instance.Id ` - -ExpandProperty "categories" ` + -ExpandProperty 'categories' ` -ErrorAction SilentlyContinue $Id = $instance.Id } @@ -208,7 +208,7 @@ function Get-TargetResource $complexExcludedApps = @{} if ($null -ne $instance.AdditionalProperties.excludedApps) { - $instance.AdditionalProperties.excludedApps.GetEnumerator() | Foreach-Object { + $instance.AdditionalProperties.excludedApps.GetEnumerator() | ForEach-Object { $complexExcludedApps.Add($_.Key, $_.Value) } } @@ -221,37 +221,37 @@ function Get-TargetResource # } $results = @{ - Id = $instance.Id - DisplayName = $instance.DisplayName - Description = $instance.Description - IsFeatured = $instance.IsFeatured - PrivacyInformationUrl = $instance.PrivacyInformationUrl - InformationUrl = $instance.InformationUrl - Notes = $instance.Notes - RoleScopeTagIds = $instance.RoleScopeTagIds - AutoAcceptEula = $instance.AdditionalProperties.autoAcceptEula - ProductIds = $instance.AdditionalProperties.productIds - UseSharedComputerActivation = $instance.AdditionalProperties.useSharedComputerActivation - UpdateChannel = $instance.AdditionalProperties.updateChannel - OfficeSuiteAppDefaultFileFormat = $instance.AdditionalProperties.officeSuiteAppDefaultFileFormat - OfficePlatformArchitecture = $instance.AdditionalProperties.officePlatformArchitecture - LocalesToInstall = $instance.AdditionalProperties.localesToInstall - InstallProgressDisplayLevel = $instance.AdditionalProperties.installProgressDisplayLevel + Id = $instance.Id + DisplayName = $instance.DisplayName + Description = $instance.Description + IsFeatured = $instance.IsFeatured + PrivacyInformationUrl = $instance.PrivacyInformationUrl + InformationUrl = $instance.InformationUrl + Notes = $instance.Notes + RoleScopeTagIds = $instance.RoleScopeTagIds + AutoAcceptEula = $instance.AdditionalProperties.autoAcceptEula + ProductIds = $instance.AdditionalProperties.productIds + UseSharedComputerActivation = $instance.AdditionalProperties.useSharedComputerActivation + UpdateChannel = $instance.AdditionalProperties.updateChannel + OfficeSuiteAppDefaultFileFormat = $instance.AdditionalProperties.officeSuiteAppDefaultFileFormat + OfficePlatformArchitecture = $instance.AdditionalProperties.officePlatformArchitecture + LocalesToInstall = $instance.AdditionalProperties.localesToInstall + InstallProgressDisplayLevel = $instance.AdditionalProperties.installProgressDisplayLevel ShouldUninstallOlderVersionsOfOffice = $instance.AdditionalProperties.shouldUninstallOlderVersionsOfOffice - TargetVersion = $instance.AdditionalProperties.targetVersion - UpdateVersion = $instance.AdditionalProperties.updateVersion - OfficeConfigurationXml = $instance.AdditionalProperties.officeConfigurationXml + TargetVersion = $instance.AdditionalProperties.targetVersion + UpdateVersion = $instance.AdditionalProperties.updateVersion + OfficeConfigurationXml = $instance.AdditionalProperties.officeConfigurationXml # LargeIcon = $complexLargeIcon - ExcludedApps = $complexExcludedApps - Categories = $complexCategories - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ExcludedApps = $complexExcludedApps + Categories = $complexCategories + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } #Assignments @@ -260,12 +260,14 @@ function Get-TargetResource if ($null -ne $appAssignments -and $appAssignments.count -gt 0) { $convertedAssignments = ConvertFrom-IntuneMobileAppAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($appAssignments) + -IncludeDeviceFilter:$true ` + -Assignments ($appAssignments) # Filter out 'source' from the assignment objects - foreach ($assignment in $convertedAssignments) { - if ($assignment.ContainsKey('source')) { + foreach ($assignment in $convertedAssignments) + { + if ($assignment.ContainsKey('source')) + { $assignment.Remove('source') } } @@ -291,7 +293,7 @@ function Get-TargetResource function Set-TargetResource { [CmdletBinding()] - param + param ( #region Intune resource parameters @@ -522,8 +524,22 @@ function Set-TargetResource $UpdateParameters.Add('@odata.type', '#microsoft.graph.officeSuiteApp') Update-MgBetaDeviceAppManagementMobileApp -MobileAppId $currentInstance.Id -BodyParameter $UpdateParameters - [array]$referenceObject = if ($null -ne $currentInstance.Categories.DisplayName) { $currentInstance.Categories.DisplayName } else { ,@() } - [array]$differenceObject = if ($null -ne $Categories.DisplayName) { $Categories.DisplayName } else { ,@() } + [array]$referenceObject = if ($null -ne $currentInstance.Categories.DisplayName) + { + $currentInstance.Categories.DisplayName + } + else + { + , @() + } + [array]$differenceObject = if ($null -ne $Categories.DisplayName) + { + $Categories.DisplayName + } + else + { + , @() + } $delta = Compare-Object -ReferenceObject $referenceObject -DifferenceObject $differenceObject -PassThru foreach ($diff in $delta) { @@ -571,7 +587,7 @@ function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] - param + param ( #region Intune resource parameters diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileThreatDefenseConnector/MSFT_IntuneMobileThreatDefenseConnector.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileThreatDefenseConnector/MSFT_IntuneMobileThreatDefenseConnector.psm1 index cf77e04f5b..a9bbed5e3e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileThreatDefenseConnector/MSFT_IntuneMobileThreatDefenseConnector.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileThreatDefenseConnector/MSFT_IntuneMobileThreatDefenseConnector.psm1 @@ -134,7 +134,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } else { @@ -154,7 +154,7 @@ function Get-TargetResource $connectorId = (Get-MobileThreatDefenseConnectorIdOrDisplayName -DisplayName $DisplayName).Id $instance = Get-MgBetaDeviceManagementMobileThreatDefenseConnector ` -MobileThreatDefenseConnectorId $connectorId - -ErrorAction SilentlyContinue + -ErrorAction SilentlyContinue } if ($null -eq $instance) @@ -164,39 +164,39 @@ function Get-TargetResource } } - if([string]::IsNullOrEmpty($DisplayName)) + if ([string]::IsNullOrEmpty($DisplayName)) { $DisplayName = (Get-MobileThreatDefenseConnectorIdOrDisplayName -Id $instance.Id).DisplayName } $results = @{ - Id = $instance.Id - DisplayName = $DisplayName - ResponseHeadersVariable = $instance.ResponseHeadersVariable - AllowPartnerToCollectIosApplicationMetadata = $instance.AllowPartnerToCollectIosApplicationMetadata + Id = $instance.Id + DisplayName = $DisplayName + ResponseHeadersVariable = $instance.ResponseHeadersVariable + AllowPartnerToCollectIosApplicationMetadata = $instance.AllowPartnerToCollectIosApplicationMetadata AllowPartnerToCollectIosPersonalApplicationMetadata = $instance.AllowPartnerToCollectIosPersonalApplicationMetadata - AndroidDeviceBlockedOnMissingPartnerData = $instance.AndroidDeviceBlockedOnMissingPartnerData - AndroidEnabled = $instance.AndroidEnabled - AndroidMobileApplicationManagementEnabled = $instance.AndroidMobileApplicationManagementEnabled - IosDeviceBlockedOnMissingPartnerData = $instance.IosDeviceBlockedOnMissingPartnerData - IosEnabled = $instance.IosEnabled - IosMobileApplicationManagementEnabled = $instance.IosMobileApplicationManagementEnabled - LastHeartbeatDateTime = $instance.LastHeartbeatDateTime - MicrosoftDefenderForEndpointAttachEnabled = $instance.MicrosoftDefenderForEndpointAttachEnabled - PartnerState = $instance.PartnerState.ToString() - PartnerUnresponsivenessThresholdInDays = $instance.PartnerUnresponsivenessThresholdInDays - PartnerUnsupportedOSVersionBlocked = $instance.PartnerUnsupportedOSVersionBlocked - WindowsDeviceBlockedOnMissingPartnerData = $instance.WindowsDeviceBlockedOnMissingPartnerData - WindowsEnabled = $instance.WindowsEnabled - - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + AndroidDeviceBlockedOnMissingPartnerData = $instance.AndroidDeviceBlockedOnMissingPartnerData + AndroidEnabled = $instance.AndroidEnabled + AndroidMobileApplicationManagementEnabled = $instance.AndroidMobileApplicationManagementEnabled + IosDeviceBlockedOnMissingPartnerData = $instance.IosDeviceBlockedOnMissingPartnerData + IosEnabled = $instance.IosEnabled + IosMobileApplicationManagementEnabled = $instance.IosMobileApplicationManagementEnabled + LastHeartbeatDateTime = $instance.LastHeartbeatDateTime + MicrosoftDefenderForEndpointAttachEnabled = $instance.MicrosoftDefenderForEndpointAttachEnabled + PartnerState = $instance.PartnerState.ToString() + PartnerUnresponsivenessThresholdInDays = $instance.PartnerUnresponsivenessThresholdInDays + PartnerUnsupportedOSVersionBlocked = $instance.PartnerUnsupportedOSVersionBlocked + WindowsDeviceBlockedOnMissingPartnerData = $instance.WindowsDeviceBlockedOnMissingPartnerData + WindowsEnabled = $instance.WindowsEnabled + + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results @@ -575,32 +575,32 @@ function Export-TargetResource $displayedKey = $config.Id Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - AllowPartnerToCollectIosApplicationMetadata = $config.AllowPartnerToCollectIosApplicationMetadata + Id = $config.Id + DisplayName = $config.DisplayName + AllowPartnerToCollectIosApplicationMetadata = $config.AllowPartnerToCollectIosApplicationMetadata AllowPartnerToCollectIosPersonalApplicationMetadata = $config.AllowPartnerToCollectIosPersonalApplicationMetadata - AndroidDeviceBlockedOnMissingPartnerData = $config.AndroidDeviceBlockedOnMissingPartnerData - AndroidEnabled = $config.AndroidEnabled - AndroidMobileApplicationManagementEnabled = $config.AndroidMobileApplicationManagementEnabled - IosDeviceBlockedOnMissingPartnerData = $config.IosDeviceBlockedOnMissingPartnerData - IosEnabled = $config.IosEnabled - IosMobileApplicationManagementEnabled = $config.IosMobileApplicationManagementEnabled - LastHeartbeatDateTime = $config.LastHeartbeatDateTime - MicrosoftDefenderForEndpointAttachEnabled = $config.MicrosoftDefenderForEndpointAttachEnabled - PartnerState = $config.PartnerState.ToString() - PartnerUnresponsivenessThresholdInDays = $config.PartnerUnresponsivenessThresholdInDays - PartnerUnsupportedOSVersionBlocked = $config.PartnerUnsupportedOSVersionBlocked - WindowsDeviceBlockedOnMissingPartnerData = $config.WindowsDeviceBlockedOnMissingPartnerData - WindowsEnabled = $config.WindowsEnabled - - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + AndroidDeviceBlockedOnMissingPartnerData = $config.AndroidDeviceBlockedOnMissingPartnerData + AndroidEnabled = $config.AndroidEnabled + AndroidMobileApplicationManagementEnabled = $config.AndroidMobileApplicationManagementEnabled + IosDeviceBlockedOnMissingPartnerData = $config.IosDeviceBlockedOnMissingPartnerData + IosEnabled = $config.IosEnabled + IosMobileApplicationManagementEnabled = $config.IosMobileApplicationManagementEnabled + LastHeartbeatDateTime = $config.LastHeartbeatDateTime + MicrosoftDefenderForEndpointAttachEnabled = $config.MicrosoftDefenderForEndpointAttachEnabled + PartnerState = $config.PartnerState.ToString() + PartnerUnresponsivenessThresholdInDays = $config.PartnerUnresponsivenessThresholdInDays + PartnerUnsupportedOSVersionBlocked = $config.PartnerUnsupportedOSVersionBlocked + WindowsDeviceBlockedOnMissingPartnerData = $config.WindowsDeviceBlockedOnMissingPartnerData + WindowsEnabled = $config.WindowsEnabled + + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -636,7 +636,8 @@ function Export-TargetResource #region Helper functions -function Get-MobileThreatDefenseConnectorIdOrDisplayName { +function Get-MobileThreatDefenseConnectorIdOrDisplayName +{ param ( [Parameter(Mandatory = $false)] [string]$Id, @@ -647,25 +648,25 @@ function Get-MobileThreatDefenseConnectorIdOrDisplayName { # Hashtable mapping IDs to Display Names $IdToDisplayNameMap = @{ - "fc780465-2017-40d4-a0c5-307022471b92" = "Microsoft Defender for Endpoint" - "860d3ab4-8fd1-45f5-89cd-ecf51e4f92e5" = "BETTER Mobile Security" - "d3ddeae8-441f-4681-b80f-aef644f7195a" = "Check Point Harmony Mobile" - "8d0ed095-8191-4bd3-8a41-953b22d51ff7" = "Pradeo" - "1f58d6d2-02cc-4c80-b008-1bfe7396a10a" = "Jamf Trust" - "4873197-ffec-4dfc-9816-db65f34c7cb9" = "Trellix Mobile Security" - "a447eca6-a986-4d3f-9838-5862bf50776c" = "CylancePROTECT Mobile" - "4928f0f6-2660-4f69-b4c5-5170ec921f7b" = "Trend Micro" - "bb13fe25-ce1f-45aa-b278-cabbc6b9072e" = "SentinelOne" - "e6f777f8-e4c2-4a5b-be01-50b5c124bc7f" = "Windows Security Center" - "29ee2d98-e795-475f-a0f8-0802dc3384a9" = "CrowdStrike Falcon for Mobile" - "870b252b-0ef0-4707-8847-50fc571472b3" = "Sophos" - "2c7790de-8b02-4814-85cf-e0c59380dee8" = "Lookout for Work" - "28fd67fd-b179-4629-a8b0-dad420b697c7" = "Symantec Endpoint Protection" - "08a8455c-48dd-45ff-ad82-7211355354f3" = "Zimperium" + 'fc780465-2017-40d4-a0c5-307022471b92' = 'Microsoft Defender for Endpoint' + '860d3ab4-8fd1-45f5-89cd-ecf51e4f92e5' = 'BETTER Mobile Security' + 'd3ddeae8-441f-4681-b80f-aef644f7195a' = 'Check Point Harmony Mobile' + '8d0ed095-8191-4bd3-8a41-953b22d51ff7' = 'Pradeo' + '1f58d6d2-02cc-4c80-b008-1bfe7396a10a' = 'Jamf Trust' + '4873197-ffec-4dfc-9816-db65f34c7cb9' = 'Trellix Mobile Security' + 'a447eca6-a986-4d3f-9838-5862bf50776c' = 'CylancePROTECT Mobile' + '4928f0f6-2660-4f69-b4c5-5170ec921f7b' = 'Trend Micro' + 'bb13fe25-ce1f-45aa-b278-cabbc6b9072e' = 'SentinelOne' + 'e6f777f8-e4c2-4a5b-be01-50b5c124bc7f' = 'Windows Security Center' + '29ee2d98-e795-475f-a0f8-0802dc3384a9' = 'CrowdStrike Falcon for Mobile' + '870b252b-0ef0-4707-8847-50fc571472b3' = 'Sophos' + '2c7790de-8b02-4814-85cf-e0c59380dee8' = 'Lookout for Work' + '28fd67fd-b179-4629-a8b0-dad420b697c7' = 'Symantec Endpoint Protection' + '08a8455c-48dd-45ff-ad82-7211355354f3' = 'Zimperium' } # If Id is provided, look up the DisplayName - if($null -ne $Id) + if ($null -ne $Id) { $displayName = $IdToDisplayNameMap[$Id] } @@ -673,12 +674,15 @@ function Get-MobileThreatDefenseConnectorIdOrDisplayName { # If DisplayName is provided, look up the Id # Create a reverse lookup hashtable for DisplayName to Id $DisplayNameToIdMap = @{} - foreach ($key in $IdToDisplayNameMap.Keys) { + foreach ($key in $IdToDisplayNameMap.Keys) + { $DisplayNameToIdMap[$IdToDisplayNameMap[$key]] = $key } - if (-not [string]::IsNullOrEmpty($DisplayName)) { + if (-not [string]::IsNullOrEmpty($DisplayName)) + { $Id = $DisplayNameToIdMap[$DisplayName] - if (-not $Id) { + if (-not $Id) + { Write-Host "Internal func: DisplayName '$DisplayName' not found." return } @@ -686,7 +690,7 @@ function Get-MobileThreatDefenseConnectorIdOrDisplayName { # Create the results tuple return @{ - Id = $Id + Id = $Id DisplayName = $displayName } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 index c9371436b4..465fc6b8bc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 @@ -107,7 +107,7 @@ function Get-TargetResource if ($null -eq $getValue) { - Write-verbose -Message "Could not find an Intune Policy Sets with DisplayName {$DisplayName}" + Write-Verbose -Message "Could not find an Intune Policy Sets with DisplayName {$DisplayName}" return $nullResult } else @@ -117,10 +117,11 @@ function Get-TargetResource Write-Verbose -Message "Multiple Intune Policy Sets with DisplayName {$DisplayName} - unable to continue" return $nullResult } - else { + else + { $getValue = Get-MgBetaDeviceAppManagementPolicySet -PolicySetId $getValue.Id -ExpandProperty * -ErrorAction SilentlyContinue - } + } } } } @@ -161,8 +162,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -172,10 +173,10 @@ function Get-TargetResource foreach ($itemEntry in $itemsValues) { $itemValue = @{ - dataType = $itemEntry.AdditionalProperties.'@odata.type' - payloadId = $itemEntry.PayloadId - itemType = $itemEntry.ItemType - displayName = $itemEntry.displayName + dataType = $itemEntry.AdditionalProperties.'@odata.type' + payloadId = $itemEntry.PayloadId + itemType = $itemEntry.ItemType + displayName = $itemEntry.displayName guidedDeploymentTags = $itemEntry.GuidedDeploymentTags } $itemResult += $itemValue @@ -285,8 +286,8 @@ function Set-TargetResource { Write-Verbose -Message "Creating an Intune Policy Sets with DisplayName {$DisplayName}" # remove complex values - $BoundParameters.Remove("Assignments") | Out-Null - $BoundParameters.Remove("Items") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null + $BoundParameters.Remove('Items') | Out-Null # remove unused values $BoundParameters.Remove('Id') | Out-Null @@ -304,20 +305,20 @@ function Set-TargetResource # set assignments and items to work with New-MgBetaDeviceAppManagementPolicySet command $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - $CreateParameters.Add("Assignments", $assignmentsHash) + $CreateParameters.Add('Assignments', $assignmentsHash) $itemsHash = @() foreach ($item in $items) { $itemsHash += @{ - PayloadId = $item.payloadId - "@odata.type" = $item.dataType - guidedDeploymentTags =$item.guidedDeploymentTags - } + PayloadId = $item.payloadId + '@odata.type' = $item.dataType + guidedDeploymentTags = $item.guidedDeploymentTags + } } - $CreateParameters.Add("Items", $itemsHash) + $CreateParameters.Add('Items', $itemsHash) - write-verbose -Message ($CreateParameters | out-string) + Write-Verbose -Message ($CreateParameters | Out-String) $policy = New-MgBetaDeviceAppManagementPolicySet @CreateParameters } @@ -325,8 +326,8 @@ function Set-TargetResource { Write-Verbose -Message "Updating the Intune Policy Sets with Id {$($currentInstance.Id)}" # remove complex values - $BoundParameters.Remove("Assignments") | Out-Null - $BoundParameters.Remove("Items") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null + $BoundParameters.Remove('Items') | Out-Null # remove unused values $BoundParameters.Remove('Id') | Out-Null @@ -342,9 +343,9 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("PolicySetId", $currentInstance.Id) + $UpdateParameters.Add('PolicySetId', $currentInstance.Id) - Update-MgBetaDeviceAppManagementPolicySet @UpdateParameters + Update-MgBetaDeviceAppManagementPolicySet @UpdateParameters $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/policySets/$($currentInstance.Id)/update" if ($null -ne ($itemamendments = Get-ItemsAmendmentsObject -currentObjectItems $currentInstance.Items -targetObjectItems $items)) @@ -582,16 +583,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -628,11 +629,11 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } if ($Results.Items) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Items" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Items' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -645,9 +646,9 @@ function Export-TargetResource } catch { - if ($_.Exception -like "*401*" -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or - $_.Exception -like "* Unauthorized*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or + $_.Exception -like '* Unauthorized*' -or ` + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } @@ -675,32 +676,32 @@ function Get-ItemsAmendmentsObject $nullreturn = $true $ItemsModificationTemplate = @{ - deletedPolicySetItems = @() - updatedPolicySetItems = @() - addedPolicySetItems = @() - } + deletedPolicySetItems = @() + updatedPolicySetItems = @() + addedPolicySetItems = @() + } - $currentObjectItems | foreach { + $currentObjectItems | ForEach-Object { if (!($targetObjectItems.Payloadid -contains $_.PayloadId)) { - write-verbose -message ($_.DisplayName + ' NOT present in Config Document, Removing') + Write-Verbose -Message ($_.DisplayName + ' NOT present in Config Document, Removing') $ItemsModificationTemplate.deletedPolicySetItems += $_.Id $nullreturn = $false } } - $targetObjectItems | foreach { + $targetObjectItems | ForEach-Object { if (!($currentObjectItems.PayloadId -contains $_.PayloadId)) { - write-verbose -message ($_.DisplayName + ' NOT already present in Policy Set, Adding') + Write-Verbose -Message ($_.DisplayName + ' NOT already present in Policy Set, Adding') $ItemsModificationTemplate.addedPolicySetItems += @{ - payloadId = $_.payloadId - "@odata.type" = $_.dataType - guidedDeploymentTags = $_.guidedDeploymentTags - } + payloadId = $_.payloadId + '@odata.type' = $_.dataType + guidedDeploymentTags = $_.guidedDeploymentTags + } $nullreturn = $false } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/settings.json index 4439bab90a..0cee9750c7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntunePolicySets", "description": "This resource configures an Intune Policy Sets.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 index 324052a0cf..257f402310 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 @@ -102,7 +102,7 @@ function Get-TargetResource $getValue = $null $getValue = Get-MgBetaDeviceManagementRoleAssignment -DeviceAndAppManagementRoleAssignmentId $Id -ErrorAction SilentlyContinue - + if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Role Assignment with Id {$Id}" @@ -696,7 +696,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 index 30ef18d4e1..942c53f253 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 @@ -570,7 +570,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/MSFT_IntuneRoleScopeTag.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/MSFT_IntuneRoleScopeTag.psm1 index 4c7cd488fe..fae310b236 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/MSFT_IntuneRoleScopeTag.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/MSFT_IntuneRoleScopeTag.psm1 @@ -80,7 +80,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - if ($PSBoundParameters.ContainsKey("Id")) + if ($PSBoundParameters.ContainsKey('Id')) { $getValue = Get-MgBetaDeviceManagementRoleScopeTag -RoleScopeTagId $Id -ErrorAction SilentlyContinue } @@ -223,7 +223,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Role Scope Tag with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $createParameters = ([Hashtable]$BoundParameters).Clone() $createParameters = Rename-M365DSCCimInstanceParameter -Properties $createParameters @@ -239,7 +239,7 @@ function Set-TargetResource } #region resource generator code - $createParameters.Add("@odata.type", "#microsoft.graph.RoleScopeTag") + $createParameters.Add('@odata.type', '#microsoft.graph.RoleScopeTag') $policy = New-MgBetaDeviceManagementRoleScopeTag -BodyParameter $createParameters if ($policy.Id) @@ -255,7 +255,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Role Scope Tag with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $updateParameters = ([Hashtable]$BoundParameters).Clone() $updateParameters = Rename-M365DSCCimInstanceParameter -Properties $updateParameters @@ -272,7 +272,7 @@ function Set-TargetResource } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.RoleScopeTag") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.RoleScopeTag') Update-MgBetaDeviceManagementRoleScopeTag ` -RoleScopeTagId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -534,7 +534,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/settings.json index eece1c58a9..42b2a74548 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/settings.json @@ -9,7 +9,7 @@ "name": "DeviceManagementConfiguration.Read.All" }, { - "name": "Group.Read.All" + "name": "Group.Read.All" } ], "update": [ @@ -17,7 +17,7 @@ "name": "DeviceManagementConfiguration.ReadWrite.All" }, { - "name": "Group.Read.All" + "name": "Group.Read.All" } ] }, @@ -27,7 +27,7 @@ "name": "DeviceManagementConfiguration.Read.All" }, { - "name": "Group.Read.All" + "name": "Group.Read.All" } ], "update": [ @@ -35,7 +35,7 @@ "name": "DeviceManagementConfiguration.ReadWrite.All" }, { - "name": "Group.Read.All" + "name": "Group.Read.All" } ] } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/MSFT_IntuneSecurityBaselineDefenderForEndpoint.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/MSFT_IntuneSecurityBaselineDefenderForEndpoint.psm1 index c31b5a1b9c..c2978345e7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/MSFT_IntuneSecurityBaselineDefenderForEndpoint.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/MSFT_IntuneSecurityBaselineDefenderForEndpoint.psm1 @@ -90,7 +90,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -127,387 +127,514 @@ function Get-TargetResource $complexDeviceSettings = @{} # Add device settings with conditional checks - if ($null -ne $policySettings.DeviceSettings.deviceInstall_Classes_Deny) { + if ($null -ne $policySettings.DeviceSettings.deviceInstall_Classes_Deny) + { $complexDeviceSettings.Add('DeviceInstall_Classes_Deny', $policySettings.DeviceSettings.deviceInstall_Classes_Deny) } - if ($null -ne $policySettings.DeviceSettings.deviceInstall_Classes_Deny_List) { + if ($null -ne $policySettings.DeviceSettings.deviceInstall_Classes_Deny_List) + { $complexDeviceSettings.Add('DeviceInstall_Classes_Deny_List', $policySettings.DeviceSettings.deviceInstall_Classes_Deny_List) } - if ($null -ne $policySettings.DeviceSettings.deviceInstall_Classes_Deny_Retroactive) { + if ($null -ne $policySettings.DeviceSettings.deviceInstall_Classes_Deny_Retroactive) + { $complexDeviceSettings.Add('DeviceInstall_Classes_Deny_Retroactive', $policySettings.DeviceSettings.deviceInstall_Classes_Deny_Retroactive) } - if ($null -ne $policySettings.DeviceSettings.encryptionMethodWithXts_Name) { + if ($null -ne $policySettings.DeviceSettings.encryptionMethodWithXts_Name) + { $complexDeviceSettings.Add('EncryptionMethodWithXts_Name', $policySettings.DeviceSettings.encryptionMethodWithXts_Name) } - if ($null -ne $policySettings.DeviceSettings.encryptionMethodWithXtsOsDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.encryptionMethodWithXtsOsDropDown_Name) + { $complexDeviceSettings.Add('EncryptionMethodWithXtsOsDropDown_Name', $policySettings.DeviceSettings.encryptionMethodWithXtsOsDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.encryptionMethodWithXtsFdvDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.encryptionMethodWithXtsFdvDropDown_Name) + { $complexDeviceSettings.Add('EncryptionMethodWithXtsFdvDropDown_Name', $policySettings.DeviceSettings.encryptionMethodWithXtsFdvDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.encryptionMethodWithXtsRdvDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.encryptionMethodWithXtsRdvDropDown_Name) + { $complexDeviceSettings.Add('EncryptionMethodWithXtsRdvDropDown_Name', $policySettings.DeviceSettings.encryptionMethodWithXtsRdvDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.fDVRecoveryUsage_Name) { + if ($null -ne $policySettings.DeviceSettings.fDVRecoveryUsage_Name) + { $complexDeviceSettings.Add('FDVRecoveryUsage_Name', $policySettings.DeviceSettings.fDVRecoveryUsage_Name) } - if ($null -ne $policySettings.DeviceSettings.fDVActiveDirectoryBackup_Name) { + if ($null -ne $policySettings.DeviceSettings.fDVActiveDirectoryBackup_Name) + { $complexDeviceSettings.Add('FDVActiveDirectoryBackup_Name', $policySettings.DeviceSettings.fDVActiveDirectoryBackup_Name) } - if ($null -ne $policySettings.DeviceSettings.fDVHideRecoveryPage_Name) { + if ($null -ne $policySettings.DeviceSettings.fDVHideRecoveryPage_Name) + { $complexDeviceSettings.Add('FDVHideRecoveryPage_Name', $policySettings.DeviceSettings.fDVHideRecoveryPage_Name) } - if ($null -ne $policySettings.DeviceSettings.fDVRecoveryPasswordUsageDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.fDVRecoveryPasswordUsageDropDown_Name) + { $complexDeviceSettings.Add('FDVRecoveryPasswordUsageDropDown_Name', $policySettings.DeviceSettings.fDVRecoveryPasswordUsageDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.fDVRequireActiveDirectoryBackup_Name) { + if ($null -ne $policySettings.DeviceSettings.fDVRequireActiveDirectoryBackup_Name) + { $complexDeviceSettings.Add('FDVRequireActiveDirectoryBackup_Name', $policySettings.DeviceSettings.fDVRequireActiveDirectoryBackup_Name) } - if ($null -ne $policySettings.DeviceSettings.fDVAllowDRA_Name) { + if ($null -ne $policySettings.DeviceSettings.fDVAllowDRA_Name) + { $complexDeviceSettings.Add('FDVAllowDRA_Name', $policySettings.DeviceSettings.fDVAllowDRA_Name) } - if ($null -ne $policySettings.DeviceSettings.fDVActiveDirectoryBackupDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.fDVActiveDirectoryBackupDropDown_Name) + { $complexDeviceSettings.Add('FDVActiveDirectoryBackupDropDown_Name', $policySettings.DeviceSettings.fDVActiveDirectoryBackupDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.fDVRecoveryKeyUsageDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.fDVRecoveryKeyUsageDropDown_Name) + { $complexDeviceSettings.Add('FDVRecoveryKeyUsageDropDown_Name', $policySettings.DeviceSettings.fDVRecoveryKeyUsageDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.fDVDenyWriteAccess_Name) { + if ($null -ne $policySettings.DeviceSettings.fDVDenyWriteAccess_Name) + { $complexDeviceSettings.Add('FDVDenyWriteAccess_Name', $policySettings.DeviceSettings.fDVDenyWriteAccess_Name) } - if ($null -ne $policySettings.DeviceSettings.fDVEncryptionType_Name) { + if ($null -ne $policySettings.DeviceSettings.fDVEncryptionType_Name) + { $complexDeviceSettings.Add('FDVEncryptionType_Name', $policySettings.DeviceSettings.fDVEncryptionType_Name) } - if ($null -ne $policySettings.DeviceSettings.fDVEncryptionTypeDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.fDVEncryptionTypeDropDown_Name) + { $complexDeviceSettings.Add('FDVEncryptionTypeDropDown_Name', $policySettings.DeviceSettings.fDVEncryptionTypeDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.enablePreBootPinExceptionOnDECapableDevice_Name) { + if ($null -ne $policySettings.DeviceSettings.enablePreBootPinExceptionOnDECapableDevice_Name) + { $complexDeviceSettings.Add('EnablePreBootPinExceptionOnDECapableDevice_Name', $policySettings.DeviceSettings.enablePreBootPinExceptionOnDECapableDevice_Name) } - if ($null -ne $policySettings.DeviceSettings.enhancedPIN_Name) { + if ($null -ne $policySettings.DeviceSettings.enhancedPIN_Name) + { $complexDeviceSettings.Add('EnhancedPIN_Name', $policySettings.DeviceSettings.enhancedPIN_Name) } - if ($null -ne $policySettings.DeviceSettings.OSRecoveryUsage_Name) { + if ($null -ne $policySettings.DeviceSettings.OSRecoveryUsage_Name) + { $complexDeviceSettings.Add('OSRecoveryUsage_Name', $policySettings.DeviceSettings.OSRecoveryUsage_Name) } - if ($null -ne $policySettings.DeviceSettings.OSRequireActiveDirectoryBackup_Name) { + if ($null -ne $policySettings.DeviceSettings.OSRequireActiveDirectoryBackup_Name) + { $complexDeviceSettings.Add('OSRequireActiveDirectoryBackup_Name', $policySettings.DeviceSettings.OSRequireActiveDirectoryBackup_Name) } - if ($null -ne $policySettings.DeviceSettings.OSActiveDirectoryBackup_Name) { + if ($null -ne $policySettings.DeviceSettings.OSActiveDirectoryBackup_Name) + { $complexDeviceSettings.Add('OSActiveDirectoryBackup_Name', $policySettings.DeviceSettings.OSActiveDirectoryBackup_Name) } - if ($null -ne $policySettings.DeviceSettings.OSRecoveryPasswordUsageDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.OSRecoveryPasswordUsageDropDown_Name) + { $complexDeviceSettings.Add('OSRecoveryPasswordUsageDropDown_Name', $policySettings.DeviceSettings.OSRecoveryPasswordUsageDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.OSHideRecoveryPage_Name) { + if ($null -ne $policySettings.DeviceSettings.OSHideRecoveryPage_Name) + { $complexDeviceSettings.Add('OSHideRecoveryPage_Name', $policySettings.DeviceSettings.OSHideRecoveryPage_Name) } - if ($null -ne $policySettings.DeviceSettings.OSAllowDRA_Name) { + if ($null -ne $policySettings.DeviceSettings.OSAllowDRA_Name) + { $complexDeviceSettings.Add('OSAllowDRA_Name', $policySettings.DeviceSettings.OSAllowDRA_Name) } - if ($null -ne $policySettings.DeviceSettings.OSRecoveryKeyUsageDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.OSRecoveryKeyUsageDropDown_Name) + { $complexDeviceSettings.Add('OSRecoveryKeyUsageDropDown_Name', $policySettings.DeviceSettings.OSRecoveryKeyUsageDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.OSActiveDirectoryBackupDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.OSActiveDirectoryBackupDropDown_Name) + { $complexDeviceSettings.Add('OSActiveDirectoryBackupDropDown_Name', $policySettings.DeviceSettings.OSActiveDirectoryBackupDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.enablePrebootInputProtectorsOnSlates_Name) { + if ($null -ne $policySettings.DeviceSettings.enablePrebootInputProtectorsOnSlates_Name) + { $complexDeviceSettings.Add('EnablePrebootInputProtectorsOnSlates_Name', $policySettings.DeviceSettings.enablePrebootInputProtectorsOnSlates_Name) } - if ($null -ne $policySettings.DeviceSettings.OSEncryptionType_Name) { + if ($null -ne $policySettings.DeviceSettings.OSEncryptionType_Name) + { $complexDeviceSettings.Add('OSEncryptionType_Name', $policySettings.DeviceSettings.OSEncryptionType_Name) } - if ($null -ne $policySettings.DeviceSettings.OSEncryptionTypeDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.OSEncryptionTypeDropDown_Name) + { $complexDeviceSettings.Add('OSEncryptionTypeDropDown_Name', $policySettings.DeviceSettings.OSEncryptionTypeDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.configureAdvancedStartup_Name) { + if ($null -ne $policySettings.DeviceSettings.configureAdvancedStartup_Name) + { $complexDeviceSettings.Add('ConfigureAdvancedStartup_Name', $policySettings.DeviceSettings.configureAdvancedStartup_Name) } - if ($null -ne $policySettings.DeviceSettings.configureTPMStartupKeyUsageDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.configureTPMStartupKeyUsageDropDown_Name) + { $complexDeviceSettings.Add('ConfigureTPMStartupKeyUsageDropDown_Name', $policySettings.DeviceSettings.configureTPMStartupKeyUsageDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.configureTPMPINKeyUsageDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.configureTPMPINKeyUsageDropDown_Name) + { $complexDeviceSettings.Add('ConfigureTPMPINKeyUsageDropDown_Name', $policySettings.DeviceSettings.configureTPMPINKeyUsageDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.configureTPMUsageDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.configureTPMUsageDropDown_Name) + { $complexDeviceSettings.Add('ConfigureTPMUsageDropDown_Name', $policySettings.DeviceSettings.configureTPMUsageDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.configureNonTPMStartupKeyUsage_Name) { + if ($null -ne $policySettings.DeviceSettings.configureNonTPMStartupKeyUsage_Name) + { $complexDeviceSettings.Add('ConfigureNonTPMStartupKeyUsage_Name', $policySettings.DeviceSettings.configureNonTPMStartupKeyUsage_Name) } - if ($null -ne $policySettings.DeviceSettings.configurePINUsageDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.configurePINUsageDropDown_Name) + { $complexDeviceSettings.Add('ConfigurePINUsageDropDown_Name', $policySettings.DeviceSettings.configurePINUsageDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.RDVConfigureBDE) { + if ($null -ne $policySettings.DeviceSettings.RDVConfigureBDE) + { $complexDeviceSettings.Add('RDVConfigureBDE', $policySettings.DeviceSettings.RDVConfigureBDE) } - if ($null -ne $policySettings.DeviceSettings.RDVAllowBDE_Name) { + if ($null -ne $policySettings.DeviceSettings.RDVAllowBDE_Name) + { $complexDeviceSettings.Add('RDVAllowBDE_Name', $policySettings.DeviceSettings.RDVAllowBDE_Name) } - if ($null -ne $policySettings.DeviceSettings.RDVEncryptionType_Name) { + if ($null -ne $policySettings.DeviceSettings.RDVEncryptionType_Name) + { $complexDeviceSettings.Add('RDVEncryptionType_Name', $policySettings.DeviceSettings.RDVEncryptionType_Name) } - if ($null -ne $policySettings.DeviceSettings.RDVEncryptionTypeDropDown_Name) { + if ($null -ne $policySettings.DeviceSettings.RDVEncryptionTypeDropDown_Name) + { $complexDeviceSettings.Add('RDVEncryptionTypeDropDown_Name', $policySettings.DeviceSettings.RDVEncryptionTypeDropDown_Name) } - if ($null -ne $policySettings.DeviceSettings.RDVDisableBDE_Name) { + if ($null -ne $policySettings.DeviceSettings.RDVDisableBDE_Name) + { $complexDeviceSettings.Add('RDVDisableBDE_Name', $policySettings.DeviceSettings.RDVDisableBDE_Name) } - if ($null -ne $policySettings.DeviceSettings.RDVDenyWriteAccess_Name) { + if ($null -ne $policySettings.DeviceSettings.RDVDenyWriteAccess_Name) + { $complexDeviceSettings.Add('RDVDenyWriteAccess_Name', $policySettings.DeviceSettings.RDVDenyWriteAccess_Name) } - if ($null -ne $policySettings.DeviceSettings.RDVCrossOrg) { + if ($null -ne $policySettings.DeviceSettings.RDVCrossOrg) + { $complexDeviceSettings.Add('RDVCrossOrg', $policySettings.DeviceSettings.RDVCrossOrg) } - if ($null -ne $policySettings.DeviceSettings.EnableSmartScreen) { + if ($null -ne $policySettings.DeviceSettings.EnableSmartScreen) + { $complexDeviceSettings.Add('EnableSmartScreen', $policySettings.DeviceSettings.EnableSmartScreen) } - if ($null -ne $policySettings.DeviceSettings.EnableSmartScreenDropdown) { + if ($null -ne $policySettings.DeviceSettings.EnableSmartScreenDropdown) + { $complexDeviceSettings.Add('EnableSmartScreenDropdown', $policySettings.DeviceSettings.EnableSmartScreenDropdown) } - if ($null -ne $policySettings.DeviceSettings.DisableSafetyFilterOverrideForAppRepUnknown) { + if ($null -ne $policySettings.DeviceSettings.DisableSafetyFilterOverrideForAppRepUnknown) + { $complexDeviceSettings.Add('DisableSafetyFilterOverrideForAppRepUnknown', $policySettings.DeviceSettings.DisableSafetyFilterOverrideForAppRepUnknown) } - if ($null -ne $policySettings.DeviceSettings.Disable_Managing_Safety_Filter_IE9) { + if ($null -ne $policySettings.DeviceSettings.Disable_Managing_Safety_Filter_IE9) + { $complexDeviceSettings.Add('Disable_Managing_Safety_Filter_IE9', $policySettings.DeviceSettings.Disable_Managing_Safety_Filter_IE9) } - if ($null -ne $policySettings.DeviceSettings.IE9SafetyFilterOptions) { + if ($null -ne $policySettings.DeviceSettings.IE9SafetyFilterOptions) + { $complexDeviceSettings.Add('IE9SafetyFilterOptions', $policySettings.DeviceSettings.IE9SafetyFilterOptions) } - if ($null -ne $policySettings.DeviceSettings.AllowWarningForOtherDiskEncryption) { + if ($null -ne $policySettings.DeviceSettings.AllowWarningForOtherDiskEncryption) + { $complexDeviceSettings.Add('AllowWarningForOtherDiskEncryption', $policySettings.DeviceSettings.AllowWarningForOtherDiskEncryption) } - if ($null -ne $policySettings.DeviceSettings.AllowStandardUserEncryption) { + if ($null -ne $policySettings.DeviceSettings.AllowStandardUserEncryption) + { $complexDeviceSettings.Add('AllowStandardUserEncryption', $policySettings.DeviceSettings.AllowStandardUserEncryption) } - if ($null -ne $policySettings.DeviceSettings.ConfigureRecoveryPasswordRotation) { + if ($null -ne $policySettings.DeviceSettings.ConfigureRecoveryPasswordRotation) + { $complexDeviceSettings.Add('ConfigureRecoveryPasswordRotation', $policySettings.DeviceSettings.ConfigureRecoveryPasswordRotation) } - if ($null -ne $policySettings.DeviceSettings.RequireDeviceEncryption) { + if ($null -ne $policySettings.DeviceSettings.RequireDeviceEncryption) + { $complexDeviceSettings.Add('RequireDeviceEncryption', $policySettings.DeviceSettings.RequireDeviceEncryption) } - if ($null -ne $policySettings.DeviceSettings.AllowArchiveScanning) { + if ($null -ne $policySettings.DeviceSettings.AllowArchiveScanning) + { $complexDeviceSettings.Add('AllowArchiveScanning', $policySettings.DeviceSettings.AllowArchiveScanning) } - if ($null -ne $policySettings.DeviceSettings.AllowBehaviorMonitoring) { + if ($null -ne $policySettings.DeviceSettings.AllowBehaviorMonitoring) + { $complexDeviceSettings.Add('AllowBehaviorMonitoring', $policySettings.DeviceSettings.AllowBehaviorMonitoring) } - if ($null -ne $policySettings.DeviceSettings.AllowCloudProtection) { + if ($null -ne $policySettings.DeviceSettings.AllowCloudProtection) + { $complexDeviceSettings.Add('AllowCloudProtection', $policySettings.DeviceSettings.AllowCloudProtection) } - if ($null -ne $policySettings.DeviceSettings.AllowEmailScanning) { + if ($null -ne $policySettings.DeviceSettings.AllowEmailScanning) + { $complexDeviceSettings.Add('AllowEmailScanning', $policySettings.DeviceSettings.AllowEmailScanning) } - if ($null -ne $policySettings.DeviceSettings.AllowFullScanRemovableDriveScanning) { + if ($null -ne $policySettings.DeviceSettings.AllowFullScanRemovableDriveScanning) + { $complexDeviceSettings.Add('AllowFullScanRemovableDriveScanning', $policySettings.DeviceSettings.AllowFullScanRemovableDriveScanning) } - if ($null -ne $policySettings.DeviceSettings.AllowOnAccessProtection) { + if ($null -ne $policySettings.DeviceSettings.AllowOnAccessProtection) + { $complexDeviceSettings.Add('AllowOnAccessProtection', $policySettings.DeviceSettings.AllowOnAccessProtection) } - if ($null -ne $policySettings.DeviceSettings.AllowRealtimeMonitoring) { + if ($null -ne $policySettings.DeviceSettings.AllowRealtimeMonitoring) + { $complexDeviceSettings.Add('AllowRealtimeMonitoring', $policySettings.DeviceSettings.AllowRealtimeMonitoring) } - if ($null -ne $policySettings.DeviceSettings.AllowScanningNetworkFiles) { + if ($null -ne $policySettings.DeviceSettings.AllowScanningNetworkFiles) + { $complexDeviceSettings.Add('AllowScanningNetworkFiles', $policySettings.DeviceSettings.AllowScanningNetworkFiles) } - if ($null -ne $policySettings.DeviceSettings.AllowIOAVProtection) { + if ($null -ne $policySettings.DeviceSettings.AllowIOAVProtection) + { $complexDeviceSettings.Add('AllowIOAVProtection', $policySettings.DeviceSettings.AllowIOAVProtection) } - if ($null -ne $policySettings.DeviceSettings.AllowScriptScanning) { + if ($null -ne $policySettings.DeviceSettings.AllowScriptScanning) + { $complexDeviceSettings.Add('AllowScriptScanning', $policySettings.DeviceSettings.AllowScriptScanning) } - if ($null -ne $policySettings.DeviceSettings.AllowUserUIAccess) { + if ($null -ne $policySettings.DeviceSettings.AllowUserUIAccess) + { $complexDeviceSettings.Add('AllowUserUIAccess', $policySettings.DeviceSettings.AllowUserUIAccess) } - if ($null -ne $policySettings.DeviceSettings.BlockExecutionOfPotentiallyObfuscatedScripts) { + if ($null -ne $policySettings.DeviceSettings.BlockExecutionOfPotentiallyObfuscatedScripts) + { $complexDeviceSettings.Add('BlockExecutionOfPotentiallyObfuscatedScripts', $policySettings.DeviceSettings.BlockExecutionOfPotentiallyObfuscatedScripts) } - if ($null -ne $policySettings.DeviceSettings.BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockWin32APICallsFromOfficeMacros) { + if ($null -ne $policySettings.DeviceSettings.BlockWin32APICallsFromOfficeMacros) + { $complexDeviceSettings.Add('BlockWin32APICallsFromOfficeMacros', $policySettings.DeviceSettings.BlockWin32APICallsFromOfficeMacros) } - if ($null -ne $policySettings.DeviceSettings.BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion) { + if ($null -ne $policySettings.DeviceSettings.BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion) + { $complexDeviceSettings.Add('BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion', $policySettings.DeviceSettings.BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion) } - if ($null -ne $policySettings.DeviceSettings.BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockOfficeCommunicationAppFromCreatingChildProcesses) { + if ($null -ne $policySettings.DeviceSettings.BlockOfficeCommunicationAppFromCreatingChildProcesses) + { $complexDeviceSettings.Add('BlockOfficeCommunicationAppFromCreatingChildProcesses', $policySettings.DeviceSettings.BlockOfficeCommunicationAppFromCreatingChildProcesses) } - if ($null -ne $policySettings.DeviceSettings.BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockAllOfficeApplicationsFromCreatingChildProcesses) { + if ($null -ne $policySettings.DeviceSettings.BlockAllOfficeApplicationsFromCreatingChildProcesses) + { $complexDeviceSettings.Add('BlockAllOfficeApplicationsFromCreatingChildProcesses', $policySettings.DeviceSettings.BlockAllOfficeApplicationsFromCreatingChildProcesses) } - if ($null -ne $policySettings.DeviceSettings.BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockAdobeReaderFromCreatingChildProcesses) { + if ($null -ne $policySettings.DeviceSettings.BlockAdobeReaderFromCreatingChildProcesses) + { $complexDeviceSettings.Add('BlockAdobeReaderFromCreatingChildProcesses', $policySettings.DeviceSettings.BlockAdobeReaderFromCreatingChildProcesses) } - if ($null -ne $policySettings.DeviceSettings.BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem) { + if ($null -ne $policySettings.DeviceSettings.BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem) + { $complexDeviceSettings.Add('BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem', $policySettings.DeviceSettings.BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem) } - if ($null -ne $policySettings.DeviceSettings.BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent) { + if ($null -ne $policySettings.DeviceSettings.BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent) + { $complexDeviceSettings.Add('BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent', $policySettings.DeviceSettings.BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent) } - if ($null -ne $policySettings.DeviceSettings.BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockWebshellCreationForServers) { + if ($null -ne $policySettings.DeviceSettings.BlockWebshellCreationForServers) + { $complexDeviceSettings.Add('BlockWebshellCreationForServers', $policySettings.DeviceSettings.BlockWebshellCreationForServers) } - if ($null -ne $policySettings.DeviceSettings.BlockWebshellCreationForServers_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockWebshellCreationForServers_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockWebshellCreationForServers_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockWebshellCreationForServers_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockUntrustedUnsignedProcessesThatRunFromUSB) { + if ($null -ne $policySettings.DeviceSettings.BlockUntrustedUnsignedProcessesThatRunFromUSB) + { $complexDeviceSettings.Add('BlockUntrustedUnsignedProcessesThatRunFromUSB', $policySettings.DeviceSettings.BlockUntrustedUnsignedProcessesThatRunFromUSB) } - if ($null -ne $policySettings.DeviceSettings.BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockPersistenceThroughWMIEventSubscription) { + if ($null -ne $policySettings.DeviceSettings.BlockPersistenceThroughWMIEventSubscription) + { $complexDeviceSettings.Add('BlockPersistenceThroughWMIEventSubscription', $policySettings.DeviceSettings.BlockPersistenceThroughWMIEventSubscription) } - if ($null -ne $policySettings.DeviceSettings.BlockUseOfCopiedOrImpersonatedSystemTools) { + if ($null -ne $policySettings.DeviceSettings.BlockUseOfCopiedOrImpersonatedSystemTools) + { $complexDeviceSettings.Add('BlockUseOfCopiedOrImpersonatedSystemTools', $policySettings.DeviceSettings.BlockUseOfCopiedOrImpersonatedSystemTools) } - if ($null -ne $policySettings.DeviceSettings.BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockAbuseOfExploitedVulnerableSignedDrivers) { + if ($null -ne $policySettings.DeviceSettings.BlockAbuseOfExploitedVulnerableSignedDrivers) + { $complexDeviceSettings.Add('BlockAbuseOfExploitedVulnerableSignedDrivers', $policySettings.DeviceSettings.BlockAbuseOfExploitedVulnerableSignedDrivers) } - if ($null -ne $policySettings.DeviceSettings.BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockProcessCreationsFromPSExecAndWMICommands) { + if ($null -ne $policySettings.DeviceSettings.BlockProcessCreationsFromPSExecAndWMICommands) + { $complexDeviceSettings.Add('BlockProcessCreationsFromPSExecAndWMICommands', $policySettings.DeviceSettings.BlockProcessCreationsFromPSExecAndWMICommands) } - if ($null -ne $policySettings.DeviceSettings.BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockOfficeApplicationsFromCreatingExecutableContent) { + if ($null -ne $policySettings.DeviceSettings.BlockOfficeApplicationsFromCreatingExecutableContent) + { $complexDeviceSettings.Add('BlockOfficeApplicationsFromCreatingExecutableContent', $policySettings.DeviceSettings.BlockOfficeApplicationsFromCreatingExecutableContent) } - if ($null -ne $policySettings.DeviceSettings.BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses) { + if ($null -ne $policySettings.DeviceSettings.BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses) + { $complexDeviceSettings.Add('BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses', $policySettings.DeviceSettings.BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses) } - if ($null -ne $policySettings.DeviceSettings.BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockRebootingMachineInSafeMode) { + if ($null -ne $policySettings.DeviceSettings.BlockRebootingMachineInSafeMode) + { $complexDeviceSettings.Add('BlockRebootingMachineInSafeMode', $policySettings.DeviceSettings.BlockRebootingMachineInSafeMode) } - if ($null -ne $policySettings.DeviceSettings.BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.UseAdvancedProtectionAgainstRansomware) { + if ($null -ne $policySettings.DeviceSettings.UseAdvancedProtectionAgainstRansomware) + { $complexDeviceSettings.Add('UseAdvancedProtectionAgainstRansomware', $policySettings.DeviceSettings.UseAdvancedProtectionAgainstRansomware) } - if ($null -ne $policySettings.DeviceSettings.UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.BlockExecutableContentFromEmailClientAndWebmail) { + if ($null -ne $policySettings.DeviceSettings.BlockExecutableContentFromEmailClientAndWebmail) + { $complexDeviceSettings.Add('BlockExecutableContentFromEmailClientAndWebmail', $policySettings.DeviceSettings.BlockExecutableContentFromEmailClientAndWebmail) } - if ($null -ne $policySettings.DeviceSettings.BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions) { + if ($null -ne $policySettings.DeviceSettings.BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions) + { $complexDeviceSettings.Add('BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions) } - if ($null -ne $policySettings.DeviceSettings.CheckForSignaturesBeforeRunningScan) { + if ($null -ne $policySettings.DeviceSettings.CheckForSignaturesBeforeRunningScan) + { $complexDeviceSettings.Add('CheckForSignaturesBeforeRunningScan', $policySettings.DeviceSettings.CheckForSignaturesBeforeRunningScan) } - if ($null -ne $policySettings.DeviceSettings.CloudBlockLevel) { + if ($null -ne $policySettings.DeviceSettings.CloudBlockLevel) + { $complexDeviceSettings.Add('CloudBlockLevel', $policySettings.DeviceSettings.CloudBlockLevel) } - if ($null -ne $policySettings.DeviceSettings.CloudExtendedTimeout) { + if ($null -ne $policySettings.DeviceSettings.CloudExtendedTimeout) + { $complexDeviceSettings.Add('CloudExtendedTimeout', $policySettings.DeviceSettings.CloudExtendedTimeout) } - if ($null -ne $policySettings.DeviceSettings.DisableLocalAdminMerge) { + if ($null -ne $policySettings.DeviceSettings.DisableLocalAdminMerge) + { $complexDeviceSettings.Add('DisableLocalAdminMerge', $policySettings.DeviceSettings.DisableLocalAdminMerge) } - if ($null -ne $policySettings.DeviceSettings.EnableNetworkProtection) { + if ($null -ne $policySettings.DeviceSettings.EnableNetworkProtection) + { $complexDeviceSettings.Add('EnableNetworkProtection', $policySettings.DeviceSettings.EnableNetworkProtection) } - if ($null -ne $policySettings.DeviceSettings.HideExclusionsFromLocalAdmins) { + if ($null -ne $policySettings.DeviceSettings.HideExclusionsFromLocalAdmins) + { $complexDeviceSettings.Add('HideExclusionsFromLocalAdmins', $policySettings.DeviceSettings.HideExclusionsFromLocalAdmins) } - if ($null -ne $policySettings.DeviceSettings.HideExclusionsFromLocalUsers) { + if ($null -ne $policySettings.DeviceSettings.HideExclusionsFromLocalUsers) + { $complexDeviceSettings.Add('HideExclusionsFromLocalUsers', $policySettings.DeviceSettings.HideExclusionsFromLocalUsers) } - if ($null -ne $policySettings.DeviceSettings.OobeEnableRtpAndSigUpdate) { + if ($null -ne $policySettings.DeviceSettings.OobeEnableRtpAndSigUpdate) + { $complexDeviceSettings.Add('OobeEnableRtpAndSigUpdate', $policySettings.DeviceSettings.OobeEnableRtpAndSigUpdate) } - if ($null -ne $policySettings.DeviceSettings.PUAProtection) { + if ($null -ne $policySettings.DeviceSettings.PUAProtection) + { $complexDeviceSettings.Add('PUAProtection', $policySettings.DeviceSettings.PUAProtection) } - if ($null -ne $policySettings.DeviceSettings.RealTimeScanDirection) { + if ($null -ne $policySettings.DeviceSettings.RealTimeScanDirection) + { $complexDeviceSettings.Add('RealTimeScanDirection', $policySettings.DeviceSettings.RealTimeScanDirection) } - if ($null -ne $policySettings.DeviceSettings.ScanParameter) { + if ($null -ne $policySettings.DeviceSettings.ScanParameter) + { $complexDeviceSettings.Add('ScanParameter', $policySettings.DeviceSettings.ScanParameter) } - if ($null -ne $policySettings.DeviceSettings.ScheduleQuickScanTime) { + if ($null -ne $policySettings.DeviceSettings.ScheduleQuickScanTime) + { $complexDeviceSettings.Add('ScheduleQuickScanTime', $policySettings.DeviceSettings.ScheduleQuickScanTime) } - if ($null -ne $policySettings.DeviceSettings.ScheduleScanDay) { + if ($null -ne $policySettings.DeviceSettings.ScheduleScanDay) + { $complexDeviceSettings.Add('ScheduleScanDay', $policySettings.DeviceSettings.ScheduleScanDay) } - if ($null -ne $policySettings.DeviceSettings.ScheduleScanTime) { + if ($null -ne $policySettings.DeviceSettings.ScheduleScanTime) + { $complexDeviceSettings.Add('ScheduleScanTime', $policySettings.DeviceSettings.ScheduleScanTime) } - if ($null -ne $policySettings.DeviceSettings.SignatureUpdateInterval) { + if ($null -ne $policySettings.DeviceSettings.SignatureUpdateInterval) + { $complexDeviceSettings.Add('SignatureUpdateInterval', $policySettings.DeviceSettings.SignatureUpdateInterval) } - if ($null -ne $policySettings.DeviceSettings.SubmitSamplesConsent) { + if ($null -ne $policySettings.DeviceSettings.SubmitSamplesConsent) + { $complexDeviceSettings.Add('SubmitSamplesConsent', $policySettings.DeviceSettings.SubmitSamplesConsent) } - if ($null -ne $policySettings.DeviceSettings.LsaCfgFlags) { + if ($null -ne $policySettings.DeviceSettings.LsaCfgFlags) + { $complexDeviceSettings.Add('LsaCfgFlags', $policySettings.DeviceSettings.LsaCfgFlags) } - if ($null -ne $policySettings.DeviceSettings.DeviceEnumerationPolicy) { + if ($null -ne $policySettings.DeviceSettings.DeviceEnumerationPolicy) + { $complexDeviceSettings.Add('DeviceEnumerationPolicy', $policySettings.DeviceSettings.DeviceEnumerationPolicy) } - if ($null -ne $policySettings.DeviceSettings.SmartScreenEnabled) { + if ($null -ne $policySettings.DeviceSettings.SmartScreenEnabled) + { $complexDeviceSettings.Add('SmartScreenEnabled', $policySettings.DeviceSettings.SmartScreenEnabled) } - if ($null -ne $policySettings.DeviceSettings.SmartScreenPuaEnabled) { + if ($null -ne $policySettings.DeviceSettings.SmartScreenPuaEnabled) + { $complexDeviceSettings.Add('SmartScreenPuaEnabled', $policySettings.DeviceSettings.SmartScreenPuaEnabled) } - if ($null -ne $policySettings.DeviceSettings.SmartScreenDnsRequestsEnabled) { + if ($null -ne $policySettings.DeviceSettings.SmartScreenDnsRequestsEnabled) + { $complexDeviceSettings.Add('SmartScreenDnsRequestsEnabled', $policySettings.DeviceSettings.SmartScreenDnsRequestsEnabled) } - if ($null -ne $policySettings.DeviceSettings.NewSmartScreenLibraryEnabled) { + if ($null -ne $policySettings.DeviceSettings.NewSmartScreenLibraryEnabled) + { $complexDeviceSettings.Add('NewSmartScreenLibraryEnabled', $policySettings.DeviceSettings.NewSmartScreenLibraryEnabled) } - if ($null -ne $policySettings.DeviceSettings.SmartScreenForTrustedDownloadsEnabled) { + if ($null -ne $policySettings.DeviceSettings.SmartScreenForTrustedDownloadsEnabled) + { $complexDeviceSettings.Add('SmartScreenForTrustedDownloadsEnabled', $policySettings.DeviceSettings.SmartScreenForTrustedDownloadsEnabled) } - if ($null -ne $policySettings.DeviceSettings.PreventSmartScreenPromptOverride) { + if ($null -ne $policySettings.DeviceSettings.PreventSmartScreenPromptOverride) + { $complexDeviceSettings.Add('PreventSmartScreenPromptOverride', $policySettings.DeviceSettings.PreventSmartScreenPromptOverride) } - if ($null -ne $policySettings.DeviceSettings.PreventSmartScreenPromptOverrideForFiles) { + if ($null -ne $policySettings.DeviceSettings.PreventSmartScreenPromptOverrideForFiles) + { $complexDeviceSettings.Add('PreventSmartScreenPromptOverrideForFiles', $policySettings.DeviceSettings.PreventSmartScreenPromptOverrideForFiles) } # Check if $complexDeviceSettings is empty - if ($complexDeviceSettings.Values.Where({ $null -ne $_ }).Count -eq 0) { + if ($complexDeviceSettings.Values.Where({ $null -ne $_ }).Count -eq 0) + { $complexDeviceSettings = $null } $policySettings.Remove('DeviceSettings') | Out-Null @@ -515,12 +642,14 @@ function Get-TargetResource $complexUserSettings = @{} # Add user settings with conditional checks - if ($null -ne $policySettings.UserSettings.DisableSafetyFilterOverrideForAppRepUnknown) { + if ($null -ne $policySettings.UserSettings.DisableSafetyFilterOverrideForAppRepUnknown) + { $complexUserSettings.Add('DisableSafetyFilterOverrideForAppRepUnknown', $policySettings.UserSettings.DisableSafetyFilterOverrideForAppRepUnknown) } # Check if $complexUserSettings is empty - if ($complexUserSettings.Values.Where({ $null -ne $_ }).Count -eq 0) { + if ($complexUserSettings.Values.Where({ $null -ne $_ }).Count -eq 0) + { $complexUserSettings = $null } $policySettings.Remove('UserSettings') | Out-Null @@ -660,7 +789,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Security Baseline Defender For Endpoint with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -692,7 +821,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Security Baseline Defender For Endpoint with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -928,14 +1057,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "49b8320f-e179-472e-8e2c-2fde00289ca2_1" + $policyTemplateID = '49b8320f-e179-472e-8e2c-2fde00289ca2_1' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -961,16 +1090,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -1025,16 +1154,16 @@ function Export-TargetResource -Credential $Credential if ($Results.DeviceSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DeviceSettings" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DeviceSettings' -IsCIMArray:$False } if ($Results.UserSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserSettings" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserSettings' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/settings.json index 4e92507acb..3cbd96c4cf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneSecurityBaselineDefenderForEndpoint", "description": "This resource configures an Test Intune Security Baseline Defender For Endpoint.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.psm1 index e5701e7a4a..46375977e8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.psm1 @@ -90,7 +90,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -334,7 +334,7 @@ function Get-TargetResource $complexDeviceSettings.Add('L_onenoteexe96', $policySettings.DeviceSettings.l_onenoteexe96) $complexDeviceSettings.Add('L_winprojexe90', $policySettings.DeviceSettings.l_winprojexe90) $complexDeviceSettings.Add('L_winwordexe91', $policySettings.DeviceSettings.l_winwordexe91) - if ($complexDeviceSettings.values.Where({$null -ne $_}).Count -eq 0) + if ($complexDeviceSettings.values.Where({ $null -ne $_ }).Count -eq 0) { $complexDeviceSettings = $null } @@ -569,7 +569,7 @@ function Get-TargetResource $complexUserSettings.Add('L_empty19', $policySettings.UserSettings.l_empty19) $complexUserSettings.Add('MicrosoftWord_Security_L_TurnOffFileValidation', $policySettings.UserSettings.microsoftWord_Security_L_TurnOffFileValidation) $complexUserSettings.Add('MicrosoftWord_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork', $policySettings.UserSettings.microsoftWord_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork) - if ($complexUserSettings.values.Where({$null -ne $_}).Count -eq 0) + if ($complexUserSettings.values.Where({ $null -ne $_ }).Count -eq 0) { $complexUserSettings = $null } @@ -708,7 +708,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Security Baseline Microsoft365 Apps For Enterprise with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -740,7 +740,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Security Baseline Microsoft365 Apps For Enterprise with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -977,14 +977,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "90316f12-246d-44c6-a767-f87692e86083_2" + $policyTemplateID = '90316f12-246d-44c6-a767-f87692e86083_2' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -1010,16 +1010,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -1074,16 +1074,16 @@ function Export-TargetResource -Credential $Credential if ($Results.DeviceSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DeviceSettings" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DeviceSettings' -IsCIMArray:$False } if ($Results.UserSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserSettings" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserSettings' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/settings.json index 0906af650b..3d3a1b93e7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/settings.json @@ -1,41 +1,41 @@ { - "resourceName":"IntuneSecurityBaselineMicrosoft365AppsForEnterprise", - "description":"This resource configures an Intune Security Baseline Microsoft365 Apps For Enterprise.", - "permissions":{ - "graph":{ - "delegated":{ - "read":[ + "resourceName": "IntuneSecurityBaselineMicrosoft365AppsForEnterprise", + "description": "This resource configures an Intune Security Baseline Microsoft365 Apps For Enterprise.", + "permissions": { + "graph": { + "delegated": { + "read": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.Read.All" + "name": "DeviceManagementConfiguration.Read.All" } ], - "update":[ + "update": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.ReadWrite.All" + "name": "DeviceManagementConfiguration.ReadWrite.All" } ] }, - "application":{ - "read":[ + "application": { + "read": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.Read.All" + "name": "DeviceManagementConfiguration.Read.All" } ], - "update":[ + "update": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.ReadWrite.All" + "name": "DeviceManagementConfiguration.ReadWrite.All" } ] } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 index 574cdbd803..27be5e2cbb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 @@ -190,7 +190,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -460,7 +460,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Security Baseline Microsoft Edge with Name {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -491,7 +491,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Security Baseline Microsoft Edge with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` @@ -837,14 +837,14 @@ function Export-TargetResource try { #region resource generator code - $policyTemplateID = "c66347b7-8325-4954-a235-3bf2233dfbfd_2" + $policyTemplateID = 'c66347b7-8325-4954-a235-3bf2233dfbfd_2' [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateID - } + $_.TemplateReference.TemplateId -eq $policyTemplateID + } #endregion $i = 1 @@ -870,16 +870,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -907,7 +907,7 @@ function Export-TargetResource if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/settings.json index 25e6e71739..9fcec958bb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/settings.json @@ -1,45 +1,44 @@ { - "resourceName": "IntuneSecurityBaselineMicrosoftEdge", - "description": "This resource configures an Intune Security Baseline Microsoft Edge.", - "permissions": { - "graph": { - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] + "resourceName": "IntuneSecurityBaselineMicrosoftEdge", + "description": "This resource configures an Intune Security Baseline Microsoft Edge.", + "permissions": { + "graph": { + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } } } } - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 index db7301d5fa..10f78935d9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 @@ -1036,8 +1036,8 @@ function Export-TargetResource -Filter $Filter ` -All ` -ErrorAction Stop | Where-Object -FilterScript { - $_.TemplateReference.TemplateId -eq $policyTemplateId - } + $_.TemplateReference.TemplateId -eq $policyTemplateId + } if ($policies.Length -eq 0) { @@ -1108,7 +1108,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 index 0893638321..a70eabcd0b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 @@ -145,7 +145,7 @@ function Get-TargetResource $valueName = Get-StringFirstCharacterToLower -Value $valueName $rawValue = $currentSettings.settingInstance.AdditionalProperties.$valueName $complexValue = get-SettingValue -SettingValue $rawValue -SettingValueType $currentSettings.settingInstance.AdditionalProperties.'@odata.type' - $complexSettingInstance.Add($valueName,$complexValue) + $complexSettingInstance.Add($valueName, $complexValue) $mySettings.Add('SettingInstance', $complexSettingInstance) if ($mySettings.values.Where({ $null -ne $_ }).count -gt 0) { @@ -189,8 +189,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -204,7 +204,7 @@ function Get-TargetResource -TenantId $TenantId ` -Credential $Credential - if ($_.Exception.Message -like "Error: The displayName*") + if ($_.Exception.Message -like 'Error: The displayName*') { throw $_ } @@ -304,9 +304,9 @@ function Set-TargetResource $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters $keyToRename = @{ - 'odataType' = '@odata.type' + 'odataType' = '@odata.type' 'StringValue' = 'value' - 'IntValue' = 'value' + 'IntValue' = 'value' } if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') @@ -508,7 +508,7 @@ function Test-TargetResource $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys -verbose + -ValuesToCheck $ValuesToCheck.Keys -Verbose } Write-Verbose -Message "Test-TargetResource returned $testResult" return $testResult @@ -574,9 +574,9 @@ function Export-TargetResource [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy -Filter $Filter -All ` -ErrorAction Stop | Where-Object -FilterScript { ` $_.Platforms -eq 'windows10' -and - $_.Technologies -eq 'mdm' -and - $_.TemplateReference.TemplateFamily -eq 'none' - } + $_.Technologies -eq 'mdm' -and + $_.TemplateReference.TemplateFamily -eq 'none' + } #endregion $i = 1 @@ -729,7 +729,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } @@ -751,7 +751,7 @@ function Export-TargetResource function Get-SettingValue { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param ( [Parameter()] $SettingValue, @@ -765,10 +765,10 @@ function Get-SettingValue '*ChoiceSettingInstance' { $complexValue = @{} - $complexValue.Add('odataType',$SettingValue.'@odata.type') - $complexValue.Add('Value',$SettingValue.value) + $complexValue.Add('odataType', $SettingValue.'@odata.type') + $complexValue.Add('Value', $SettingValue.value) $children = @() - foreach($child in $SettingValue.children) + foreach ($child in $SettingValue.children) { $complexChild = @{} $complexChild.Add('SettingDefinitionId', $child.settingDefinitionId) @@ -777,20 +777,20 @@ function Get-SettingValue $valueName = Get-StringFirstCharacterToLower -Value $valueName $rawValue = $child.$valueName $childSettingValue = Get-SettingValue -SettingValue $rawValue -SettingValueType $child.'@odata.type' - $complexChild.Add($valueName,$childSettingValue) + $complexChild.Add($valueName, $childSettingValue) $children += $complexChild } - $complexValue.Add('Children',$children) + $complexValue.Add('Children', $children) } '*ChoiceSettingCollectionInstance' { $complexCollection = @() - foreach($item in $SettingValue) + foreach ($item in $SettingValue) { $complexValue = @{} - $complexValue.Add('Value',$item.value) + $complexValue.Add('Value', $item.value) $children = @() - foreach($child in $item.children) + foreach ($child in $item.children) { $complexChild = @{} $complexChild.Add('SettingDefinitionId', $child.settingDefinitionId) @@ -798,60 +798,60 @@ function Get-SettingValue $valueName = $child.'@odata.type'.replace('#microsoft.graph.deviceManagementConfiguration', '').replace('Instance', 'Value') $valueName = Get-StringFirstCharacterToLower -Value $valueName $rawValue = $child.$valueName - $childSettingValue = Get-SettingValue -SettingValue $rawValue -SettingValueType $child.'@odata.type' - $complexChild.Add($valueName,$childSettingValue) + $childSettingValue = Get-SettingValue -SettingValue $rawValue -SettingValueType $child.'@odata.type' + $complexChild.Add($valueName, $childSettingValue) $children += $complexChild } - $complexValue.Add('Children',$children) + $complexValue.Add('Children', $children) $complexCollection += $complexValue } - return ,([hashtable[]]$complexCollection) + return , ([hashtable[]]$complexCollection) } '*SimpleSettingInstance' { $complexValue = @{} - $complexValue.Add('odataType',$SettingValue.'@odata.type') + $complexValue.Add('odataType', $SettingValue.'@odata.type') $valueName = 'IntValue' $value = $SettingValue.value - if($SettingValue.'@odata.type' -ne '#microsoft.graph.deviceManagementConfigurationIntegerSettingValue') + if ($SettingValue.'@odata.type' -ne '#microsoft.graph.deviceManagementConfigurationIntegerSettingValue') { $valueName = 'StringValue' } - $complexValue.Add($valueName,$value) - if($SettingValue.'@odata.type' -eq '#microsoft.graph.deviceManagementConfigurationSecretSettingValue') + $complexValue.Add($valueName, $value) + if ($SettingValue.'@odata.type' -eq '#microsoft.graph.deviceManagementConfigurationSecretSettingValue') { - $complexValue.Add('ValueState',$SettingValue.valueState) + $complexValue.Add('ValueState', $SettingValue.valueState) } } '*SimpleSettingCollectionInstance' { $complexCollection = @() - foreach($item in $SettingValue) + foreach ($item in $SettingValue) { $complexValue = @{} - $complexValue.Add('odataType',$item.'@odata.type') + $complexValue.Add('odataType', $item.'@odata.type') $valueName = 'IntValue' $value = $item.value - if($item.'@odata.type' -ne '#microsoft.graph.deviceManagementConfigurationIntegerSettingValue') + if ($item.'@odata.type' -ne '#microsoft.graph.deviceManagementConfigurationIntegerSettingValue') { $valueName = 'StringValue' } - $complexValue.Add($valueName,$value) - if($item.'@odata.type' -eq '#microsoft.graph.deviceManagementConfigurationSecretSettingValue') + $complexValue.Add($valueName, $value) + if ($item.'@odata.type' -eq '#microsoft.graph.deviceManagementConfigurationSecretSettingValue') { - $complexValue.Add('ValueState',$item.valueState) + $complexValue.Add('ValueState', $item.valueState) } $complexCollection += $complexValue } - return ,([hashtable[]]$complexCollection) + return , ([hashtable[]]$complexCollection) } '*GroupSettingInstance' { $complexValue = @{} - $complexValue.Add('odataType',$SettingValue.'@odata.type') + $complexValue.Add('odataType', $SettingValue.'@odata.type') $children = @() - foreach($child in $SettingValue.children) + foreach ($child in $SettingValue.children) { $complexChild = @{} $complexChild.Add('SettingDefinitionId', $child.settingDefinitionId) @@ -859,21 +859,21 @@ function Get-SettingValue $valueName = $child.'@odata.type'.replace('#microsoft.graph.deviceManagementConfiguration', '').replace('Instance', 'Value') $valueName = Get-StringFirstCharacterToLower -Value $valueName $rawValue = $child.$valueName - $settingValue = Get-SettingValue -SettingValue $rawValue -SettingValueType $child.'@odata.type' - $complexChild.Add($valueName,$settingValue) + $settingValue = Get-SettingValue -SettingValue $rawValue -SettingValueType $child.'@odata.type' + $complexChild.Add($valueName, $settingValue) $children += $complexChild } - $complexValue.Add('Children',$children) + $complexValue.Add('Children', $children) } '*GroupSettingCollectionInstance' { $complexCollection = @() - foreach($groupSettingValue in $SettingValue) + foreach ($groupSettingValue in $SettingValue) { $complexValue = @{} #$complexValue.Add('odataType',$SettingValue.'@odata.type') $children = @() - foreach($child in $groupSettingValue.children) + foreach ($child in $groupSettingValue.children) { $complexChild = @{} $complexChild.Add('SettingDefinitionId', $child.settingDefinitionId) @@ -881,14 +881,14 @@ function Get-SettingValue $valueName = $child.'@odata.type'.replace('#microsoft.graph.deviceManagementConfiguration', '').replace('Instance', 'Value') $valueName = Get-StringFirstCharacterToLower -Value $valueName $rawValue = $child.$valueName - $settingValue = Get-SettingValue -SettingValue $rawValue -SettingValueType $child.'@odata.type' - $complexChild.Add($valueName,$settingValue) + $settingValue = Get-SettingValue -SettingValue $rawValue -SettingValueType $child.'@odata.type' + $complexChild.Add($valueName, $settingValue) $children += $complexChild } - $complexValue.Add('Children',$children) + $complexValue.Add('Children', $children) $complexCollection += $complexValue } - return ,([hashtable[]]$complexCollection) + return , ([hashtable[]]$complexCollection) } } return $complexValue diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/settings.json index c29e518ded..17d4a86e46 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/settings.json @@ -1,45 +1,44 @@ { "resourceName": "IntuneSettingCatalogCustomPolicyWindows10", "description": "This resource configures an Intune Setting Catalog Custom Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 new file mode 100644 index 0000000000..0576afe7e7 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 @@ -0,0 +1,701 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message 'Connection to the workload failed.' + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Trusted Root Certificate Policy for Android Device Owner with Id {$id} was found" + return $nullResult + } + + $Id = $getValue.Id + + Write-Verbose -Message "An Intune Trusted Root Certificate Policy for Android Device Owner with id {$id} and DisplayName {$DisplayName} was found" + + $results = @{ + #region resource generator code + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + certFileName = $getValue.AdditionalProperties.certFileName + trustedRootCertificate = $getValue.AdditionalProperties.trustedRootCertificate + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + version = $getValue.AdditionalProperties.version + } + + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message $_ + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $CreateParameters = ([Hashtable]$BoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $CreateParameters.remove($keyName) + } + } + + if ($AdditionalProperties.ContainsKey('trustedRootCertificate')) { + $AdditionalProperties['trustedRootCertificate'] = [Convert]::FromBase64String($AdditionalProperties['trustedRootCertificate']) + Write-Verbose "trustedRootCertificate converted to bytes." + } + + $CreateParameters.Remove('Id') | Out-Null + + foreach ($key in ($CreateParameters.clone()).Keys) + { + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + } + } + + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $UpdateParameters.remove($keyName) + } + } + + if ($AdditionalProperties.ContainsKey('trustedRootCertificate')) { + $AdditionalProperties['trustedRootCertificate'] = [Convert]::FromBase64String($AdditionalProperties['trustedRootCertificate']) + Write-Verbose "trustedRootCertificate converted to bytes." + } + + $UpdateParameters.Remove('Id') | Out-Null + + foreach ($key in ($UpdateParameters.clone()).Keys) + { + if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key] + } + } + $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters ` + -DeviceConfigurationId $currentInstance.Id + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$DisplayName}" + #region resource generator code + Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) { break } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + + #region resource generator code + [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline + $params = @{ + Id = $config.id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + if ($Results.Assignments) + { + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + + return $dscContent + } + catch + { + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") + { + Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." + } + else + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + return '' + } +} + +function Get-M365DSCAdditionalProperties +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $Properties + ) + + $additionalProperties = @( + 'certFileName' + 'trustedRootCertificate' + ) + + $results = @{'@odata.type' = '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' } + $cloneProperties = $Properties.clone() + foreach ($property in $cloneProperties.Keys) + { + if ($property -in ($additionalProperties) ) + { + $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) + if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*') + { + if ($properties.$property.getType().FullName -like '*[[\]]') + { + $array = @() + foreach ($item in $properties.$property) + { + $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $propertyValue = $array + } + else + { + $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property + } + + } + else + { + $propertyValue = $properties.$property + } + + $results.Add($propertyName, $propertyValue) + } + } + if ($results.Count -eq 1) + { + return $null + } + return $results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.schema.mof new file mode 100644 index 0000000000..e5013f7f6b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.schema.mof @@ -0,0 +1,29 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneTrustedRootCertificateAndroidDeviceOwner")] +class MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner : OMI_BaseResource +{ + [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration")] String Description; + [Write, Description("File name to display in UI.")] String certFileName; + [Write, Description("Trusted Root Certificate.")] String trustedRootCertificate; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/readme.md new file mode 100644 index 0000000000..f5210fed88 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/readme.md @@ -0,0 +1,6 @@ + +# IntuneTrustedRootCertificateAndroidDeviceOwner + +## Description + +This resource configures an Intune Android Device Owner Trusted Root Certificate Policy. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/settings.json new file mode 100644 index 0000000000..04a5f508cd --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/settings.json @@ -0,0 +1,44 @@ +{ + "resourceName": "IntuneTrustedRootCertificateAndroidDeviceOwner", + "description": "This resource configures an Android Device Owner Intune Trusted Root Certificate Policy.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 new file mode 100644 index 0000000000..c410ccb865 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 @@ -0,0 +1,701 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message 'Connection to the workload failed.' + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidTrustedRootCertificate' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Trusted Root Certificate Policy for Android with Id {$id} was found" + return $nullResult + } + + $Id = $getValue.Id + + Write-Verbose -Message "An Intune Trusted Root Certificate Policy for Android with id {$id} and DisplayName {$DisplayName} was found" + + $results = @{ + #region resource generator code + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + certFileName = $getValue.AdditionalProperties.certFileName + trustedRootCertificate = $getValue.AdditionalProperties.trustedRootCertificate + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + version = $getValue.AdditionalProperties.version + } + + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message $_ + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $CreateParameters = ([Hashtable]$BoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $CreateParameters.remove($keyName) + } + } + + if ($AdditionalProperties.ContainsKey('trustedRootCertificate')) { + $AdditionalProperties['trustedRootCertificate'] = [Convert]::FromBase64String($AdditionalProperties['trustedRootCertificate']) + Write-Verbose "trustedRootCertificate converted to bytes." + } + + $CreateParameters.Remove('Id') | Out-Null + + foreach ($key in ($CreateParameters.clone()).Keys) + { + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + } + } + + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $UpdateParameters.remove($keyName) + } + } + + if ($AdditionalProperties.ContainsKey('trustedRootCertificate')) { + $AdditionalProperties['trustedRootCertificate'] = [Convert]::FromBase64String($AdditionalProperties['trustedRootCertificate']) + Write-Verbose "trustedRootCertificate converted to bytes." + } + + $UpdateParameters.Remove('Id') | Out-Null + + foreach ($key in ($UpdateParameters.clone()).Keys) + { + if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key] + } + } + $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters ` + -DeviceConfigurationId $currentInstance.Id + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$DisplayName}" + #region resource generator code + Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) { break } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + + #region resource generator code + [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidTrustedRootCertificate' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline + $params = @{ + Id = $config.id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + if ($Results.Assignments) + { + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + + return $dscContent + } + catch + { + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") + { + Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." + } + else + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + return '' + } +} + +function Get-M365DSCAdditionalProperties +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $Properties + ) + + $additionalProperties = @( + 'certFileName' + 'trustedRootCertificate' + ) + + $results = @{'@odata.type' = '#microsoft.graph.androidTrustedRootCertificate' } + $cloneProperties = $Properties.clone() + foreach ($property in $cloneProperties.Keys) + { + if ($property -in ($additionalProperties) ) + { + $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) + if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*') + { + if ($properties.$property.getType().FullName -like '*[[\]]') + { + $array = @() + foreach ($item in $properties.$property) + { + $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $propertyValue = $array + } + else + { + $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property + } + + } + else + { + $propertyValue = $properties.$property + } + + $results.Add($propertyName, $propertyValue) + } + } + if ($results.Count -eq 1) + { + return $null + } + return $results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.schema.mof new file mode 100644 index 0000000000..9b82a0fa29 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.schema.mof @@ -0,0 +1,29 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneTrustedRootCertificateAndroidEnterprise")] +class MSFT_IntuneTrustedRootCertificateAndroidEnterprise : OMI_BaseResource +{ + [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration")] String Description; + [Write, Description("File name to display in UI.")] String certFileName; + [Write, Description("Trusted Root Certificate.")] String trustedRootCertificate; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/readme.md new file mode 100644 index 0000000000..1f4f9d1fe1 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/readme.md @@ -0,0 +1,6 @@ + +# IntuneTrustedRootCertificateAndroidEnterprise + +## Description + +This resource configures an Intune Android Enterprise Trusted Root Certificate Policy. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/settings.json new file mode 100644 index 0000000000..f6900ac6c0 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/settings.json @@ -0,0 +1,44 @@ +{ + "resourceName": "IntuneTrustedRootCertificateAndroidEnterprise", + "description": "This resource configures an Android Enterprise Intune Trusted Root Certificate Policy.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/MSFT_IntuneTrustedRootCertificateIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/MSFT_IntuneTrustedRootCertificateIOS.psm1 new file mode 100644 index 0000000000..dcb274fdc9 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/MSFT_IntuneTrustedRootCertificateIOS.psm1 @@ -0,0 +1,701 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message 'Connection to the workload failed.' + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosTrustedRootCertificate' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Trusted Root Certificate Policy for iOS with Id {$id} was found" + return $nullResult + } + + $Id = $getValue.Id + + Write-Verbose -Message "An Intune Trusted Root Certificate Policy for iOS with id {$id} and DisplayName {$DisplayName} was found" + + $results = @{ + #region resource generator code + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + certFileName = $getValue.AdditionalProperties.certFileName + trustedRootCertificate = $getValue.AdditionalProperties.trustedRootCertificate + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + version = $getValue.AdditionalProperties.version + } + + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message $_ + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $CreateParameters = ([Hashtable]$BoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $CreateParameters.remove($keyName) + } + } + + if ($AdditionalProperties.ContainsKey('trustedRootCertificate')) { + $AdditionalProperties['trustedRootCertificate'] = [Convert]::FromBase64String($AdditionalProperties['trustedRootCertificate']) + Write-Verbose "trustedRootCertificate converted to bytes." + } + + $CreateParameters.Remove('Id') | Out-Null + + foreach ($key in ($CreateParameters.clone()).Keys) + { + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + } + } + + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $UpdateParameters.remove($keyName) + } + } + + if ($AdditionalProperties.ContainsKey('trustedRootCertificate')) { + $AdditionalProperties['trustedRootCertificate'] = [Convert]::FromBase64String($AdditionalProperties['trustedRootCertificate']) + Write-Verbose "trustedRootCertificate converted to bytes." + } + + $UpdateParameters.Remove('Id') | Out-Null + + foreach ($key in ($UpdateParameters.clone()).Keys) + { + if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key] + } + } + $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters ` + -DeviceConfigurationId $currentInstance.Id + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$DisplayName}" + #region resource generator code + Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $certFileName, + + [Parameter()] + [System.String] + $trustedRootCertificate, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) { break } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + + #region resource generator code + [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosTrustedRootCertificate' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline + $params = @{ + Id = $config.id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + if ($Results.Assignments) + { + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + + return $dscContent + } + catch + { + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") + { + Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." + } + else + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + return '' + } +} + +function Get-M365DSCAdditionalProperties +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $Properties + ) + + $additionalProperties = @( + 'certFileName' + 'trustedRootCertificate' + ) + + $results = @{'@odata.type' = '#microsoft.graph.iosTrustedRootCertificate' } + $cloneProperties = $Properties.clone() + foreach ($property in $cloneProperties.Keys) + { + if ($property -in ($additionalProperties) ) + { + $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) + if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*') + { + if ($properties.$property.getType().FullName -like '*[[\]]') + { + $array = @() + foreach ($item in $properties.$property) + { + $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $propertyValue = $array + } + else + { + $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property + } + + } + else + { + $propertyValue = $properties.$property + } + + $results.Add($propertyName, $propertyValue) + } + } + if ($results.Count -eq 1) + { + return $null + } + return $results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/MSFT_IntuneTrustedRootCertificateIOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/MSFT_IntuneTrustedRootCertificateIOS.schema.mof new file mode 100644 index 0000000000..18e5650e62 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/MSFT_IntuneTrustedRootCertificateIOS.schema.mof @@ -0,0 +1,29 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneTrustedRootCertificateIOS")] +class MSFT_IntuneTrustedRootCertificateIOS : OMI_BaseResource +{ + [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration")] String Description; + [Write, Description("File name to display in UI.")] String certFileName; + [Write, Description("Trusted Root Certificate.")] String trustedRootCertificate; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/readme.md new file mode 100644 index 0000000000..30bd5b7d07 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/readme.md @@ -0,0 +1,6 @@ + +# IntuneTrustedRootCertificateIOS + +## Description + +This resource configures an Intune iOS Trusted Root Certificate Policy. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/settings.json new file mode 100644 index 0000000000..06b8e6ba69 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/settings.json @@ -0,0 +1,44 @@ +{ + "resourceName": "IntuneTrustedRootCertificateIOS", + "description": "This resource configures an iOS Intune Trusted Root Certificate Policy.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/MSFT_IntuneVPNConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/MSFT_IntuneVPNConfigurationPolicyIOS.psm1 new file mode 100644 index 0000000000..e9ea013384 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/MSFT_IntuneVPNConfigurationPolicyIOS.psm1 @@ -0,0 +1,1321 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [System.Boolean] + $enableSplitTunneling, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.string[]] + $safariDomains, + + [Parameter()] + [System.string[]] + $associatedDomains, + + [Parameter()] + [System.string[]] + $excludedDomains, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.Boolean] + $optInToDeviceIdSharing, + + [Parameter()] + [System.string[]] + $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $server, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $onDemandRules, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens, + + #latest updates + [Parameter()] + [System.UInt32] + $version, + + [Parameter()] + [System.String] + $loginGroupOrDomain, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [System.String] + $identifier, + + [Parameter()] + [System.Boolean] + $enablePerApp, + + [Parameter()] + [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] + [System.String] + $providerType, + + [Parameter()] + [System.Boolean] + $disableOnDemandUserOverride, + + [Parameter()] + [System.Boolean] + $disconnectOnIdle, + + [Parameter()] + [System.UInt32] + $disconnectOnIdleTimerInSeconds, + + [Parameter()] + [System.String] + $microsoftTunnelSiteId, + + [Parameter()] + [System.String] + $cloudName, + + [Parameter()] + [System.Boolean] + $strictEnforcement, + + [Parameter()] + [System.String] + $userDomain + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message 'Connection to the workload failed.' + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosVpnConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune VPN Policy for iOS with Id {$id} was found" + return $nullResult + } + + $Id = $getValue.Id + + Write-Verbose -Message "An Intune VPN Policy for iOS with id {$id} and DisplayName {$DisplayName} was found" + + $complexServers = @() + foreach ($currentservers in $getValue.AdditionalProperties.server) + { + $myservers = @{} + $myservers.Add('address', $currentservers.address) + $myservers.Add('description', $currentservers.description) + $myservers.Add('isDefaultServer', $currentservers.isDefaultServer) + if ($myservers.values.Where({$null -ne $_}).count -gt 0) + { + $complexServers += $myservers + } + } + + $complexProxyServers = @() + foreach ($currentservers in $getValue.AdditionalProperties.proxyServer) + { + $myservers = @{} + $myservers.Add('automaticConfigurationScriptUrl', $currentservers.automaticConfigurationScriptUrl) + $myservers.Add('address', $currentservers.address) + $myservers.Add('port', $currentservers.port) + if ($myservers.values.Where({$null -ne $_}).count -gt 0) + { + $complexProxyServers += $myservers + } + } + + $complexCustomData = @() + foreach ($value in $getValue.AdditionalProperties.customData) + { + $myCustomdata = @{} + $myCustomdata.Add('key', $value.key) + $myCustomdata.Add('value', $value.value) + if ($myCustomdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexCustomData += $myCustomdata + } + } + + $complexCustomKeyValueData = @() + foreach ($value in $getValue.AdditionalProperties.customKeyValueData) + { + $myCVdata = @{} + $myCVdata.Add('name', $value.name) + $myCVdata.Add('value', $value.value) + if ($myCVdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexCustomKeyValueData += $myCVdata + } + } + + $complexTargetedMobileApps = @() + foreach ($value in $getValue.AdditionalProperties.targetedMobileApps) + { + $myTMAdata = @{} + $myTMAdata.Add('name', $value.name) + $myTMAdata.Add('publisher', $value.publisher) + $myTMAdata.Add('appStoreUrl', $value.appStoreUrl) + $myTMAdata.Add('appId', $value.appId) + if ($myTMAdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexTargetedMobileApps += $myTMAdata + } + } + + $results = @{ + #region resource generator code + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + connectionName = $getValue.AdditionalProperties.connectionName + connectionType = $getValue.AdditionalProperties.connectionType + enableSplitTunneling = $getValue.AdditionalProperties.enableSplitTunneling + authenticationMethod = $getValue.AdditionalProperties.authenticationMethod + safariDomains = $getValue.AdditionalProperties.safariDomains + associatedDomains = $getValue.AdditionalProperties.associatedDomains + excludedDomains = $getValue.AdditionalProperties.excludedDomains + optInToDeviceIdSharing = $getValue.AdditionalProperties.optInToDeviceIdSharing + excludeList = $getValue.AdditionalProperties.excludeList + server = $complexServers + customData = $complexCustomData #$getValue.AdditionalProperties.customData + customKeyValueData = $complexCustomKeyValueData #$getValue.AdditionalProperties.customKeyValueData + onDemandRules = $getValue.AdditionalProperties.onDemandRules + proxyServer = $complexProxyServers + targetedMobileApps = $complexTargetedMobileApps #$getValue.AdditionalProperties.targetedMobileApps + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + version = $getValue.AdditionalProperties.version + loginGroupOrDomain = $getValue.AdditionalProperties.loginGroupOrDomain + role = $getValue.AdditionalProperties.role + realm = $getValue.AdditionalProperties.realm + identifier = $getValue.AdditionalProperties.identifier + enablePerApp = $getValue.AdditionalProperties.enablePerApp + providerType = $getValue.AdditionalProperties.providerType + disableOnDemandUserOverride = $getValue.AdditionalProperties.disableOnDemandUserOverride + disconnectOnIdle = $getValue.AdditionalProperties.disconnectOnIdle + disconnectOnIdleTimerInSeconds = $getValue.AdditionalProperties.disconnectOnIdleTimerInSeconds + microsoftTunnelSiteId = $getValue.AdditionalProperties.microsoftTunnelSiteId + cloudName = $getValue.AdditionalProperties.cloudName + strictEnforcement = $getValue.AdditionalProperties.strictEnforcement + userDomain = $getValue.AdditionalProperties.userDomain + + } + + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [System.Boolean] + $enableSplitTunneling, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.string[]] + $safariDomains, + + [Parameter()] + [System.string[]] + $associatedDomains, + + [Parameter()] + [System.string[]] + $excludedDomains, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.Boolean] + $optInToDeviceIdSharing, + + [Parameter()] + [System.string[]] + $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $server, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $onDemandRules, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens, + + #latest updates + [Parameter()] + [System.UInt32] + $version, + + [Parameter()] + [System.String] + $loginGroupOrDomain, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [System.String] + $identifier, + + [Parameter()] + [System.Boolean] + $enablePerApp, + + [Parameter()] + [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] + [System.String] + $providerType, + + [Parameter()] + [System.Boolean] + $disableOnDemandUserOverride, + + [Parameter()] + [System.Boolean] + $disconnectOnIdle, + + [Parameter()] + [System.UInt32] + $disconnectOnIdleTimerInSeconds, + + [Parameter()] + [System.String] + $microsoftTunnelSiteId, + + [Parameter()] + [System.String] + $cloudName, + + [Parameter()] + [System.Boolean] + $strictEnforcement, + + [Parameter()] + [System.String] + $userDomain + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message $_ + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + #proxy and server values need converting before new- / update- cmdlets will accept parameters + #creating hashtables now for use later in both present/present and present/absent blocks + $allTargetValues = Convert-M365DscHashtableToString -Hashtable $BoundParameters + + if ($allTargetValues -match '\bserver=\(\{([^\)]+)\}\)') + { + $serverBlock = $matches[1] + } + + $serverHashtable = @{} + $serverBlock -split ";" | ForEach-Object { + if ($_ -match '^(.*?)=(.*)$') { + $key = $matches[1].Trim() + $value = $matches[2].Trim() + $serverHashtable[$key] = $value + } + } + if ($allTargetValues -match '\bproxyServer=\(\{([^\)]+)\}\)') + { + $proxyBlock = $matches[1] + } + + $proxyHashtable = @{} + $proxyBlock -split ";" | ForEach-Object { + if ($_ -match '^(.*?)=(.*)$') { + $key = $matches[1].Trim() + $value = $matches[2].Trim() + $proxyHashtable[$key] = $value + } + } + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $CreateParameters = ([Hashtable]$BoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $CreateParameters.remove($keyName) + } + } + + $CreateParameters.Remove('Id') | Out-Null + + foreach ($key in ($CreateParameters.clone()).Keys) + { + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + } + } + + if ($AdditionalProperties.server) + { + $AdditionalProperties.Remove('server') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('server',$serverHashtable) #replaced with the hashtable we created earlier + } + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$DisplayName}" + + $BoundParameters.Remove('Assignments') | Out-Null + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $UpdateParameters.remove($keyName) + } + } + + $UpdateParameters.Remove('Id') | Out-Null + + foreach ($key in ($UpdateParameters.clone()).Keys) + { + if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key] + } + } + + if ($AdditionalProperties) + { + + if ($AdditionalProperties.server) + { + $AdditionalProperties.Remove('server') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('server',$serverHashtable) #replaced with the hashtable we created earlier + } + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + + #add the additional properties to the updateparameters + $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) + } + + #region resource generator code + Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters ` + -DeviceConfigurationId $currentInstance.Id + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$DisplayName}" + #region resource generator code + Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'customVpn', 'ciscoIPSec', 'citrix', 'ciscoAnyConnectV2', 'paloAltoGlobalProtect', 'zscalerPrivateAccess', 'f5Access2018', 'citrixSso', 'paloAltoGlobalProtectV2', 'ikEv2', 'alwaysOn', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [System.Boolean] + $enableSplitTunneling, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.string[]] + $safariDomains, + + [Parameter()] + [System.string[]] + $associatedDomains, + + [Parameter()] + [System.string[]] + $excludedDomains, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.Boolean] + $optInToDeviceIdSharing, + + [Parameter()] + [System.string[]] + $excludeList, #not on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta , but property is in the object + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $server, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $onDemandRules, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens, + + [Parameter()] + [System.UInt32] + $version, + + [Parameter()] + [System.String] + $loginGroupOrDomain, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [System.String] + $identifier, + + [Parameter()] + [System.Boolean] + $enablePerApp, + + [Parameter()] + [ValidateSet('notConfigured', 'appProxy', 'packetTunnel')] + [System.String] + $providerType, + + [Parameter()] + [System.Boolean] + $disableOnDemandUserOverride, + + [Parameter()] + [System.Boolean] + $disconnectOnIdle, + + [Parameter()] + [System.UInt32] + $disconnectOnIdleTimerInSeconds, + + [Parameter()] + [System.String] + $microsoftTunnelSiteId, + + [Parameter()] + [System.String] + $cloudName, + + [Parameter()] + [System.Boolean] + $strictEnforcement, + + [Parameter()] + [System.String] + $userDomain + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) { break } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + + #region resource generator code + [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosVpnConfiguration' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline + $params = @{ + Id = $config.id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + if ($null -ne $Results.server) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.server ` + -CIMInstanceName 'MicrosoftGraphvpnServer' #MSFT_MicrosoftGraphVpnServer + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.server = $complexTypeStringResult + } + else + { + $Results.Remove('server') | Out-Null + } + } + + if ($null -ne $Results.onDemandRules) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.onDemandRules ` + -CIMInstanceName 'MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule' #MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.onDemandRules = $complexTypeStringResult + } + else + { + $Results.Remove('onDemandRules') | Out-Null + } + } + + if ($null -ne $Results.proxyServer) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.proxyServer ` + -CIMInstanceName 'MSFT_MicrosoftvpnProxyServer' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.proxyServer = $complexTypeStringResult + } + else + { + $Results.Remove('proxyServer') | Out-Null + } + } + + if ($null -ne $Results.customData) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.customData ` + -CIMInstanceName 'MSFT_CustomData' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.customData = $complexTypeStringResult + } + else + { + $Results.Remove('customData') | Out-Null + } + } + + if ($null -ne $Results.customKeyValueData) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.customKeyValueData ` + -CIMInstanceName 'MSFT_customKeyValueData' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.customKeyValueData = $complexTypeStringResult + } + else + { + $Results.Remove('customKeyValueData') | Out-Null + } + } + + if ($null -ne $Results.targetedMobileApps) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.targetedMobileApps ` + -CIMInstanceName 'MSFT_targetedMobileApps' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.targetedMobileApps = $complexTypeStringResult + } + else + { + $Results.Remove('targetedMobileApps') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + if ($Results.server) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "server" -isCIMArray:$True + } + + if ($Results.onDemandRules) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "onDemandRules" -isCIMArray:$True + } + + if ($Results.proxyServer) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "proxyServer" -isCIMArray:$True + } + + if ($Results.customData) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customData" -isCIMArray:$True + } + + if ($Results.customKeyValueData) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customKeyValueData" -isCIMArray:$True + } + + if ($Results.targetedMobileApps) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "targetedMobileApps" -isCIMArray:$True + } + + if ($Results.Assignments) + { + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") + { + Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." + } + else + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + return '' + } +} + +function Get-M365DSCAdditionalProperties +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $Properties + ) + + $additionalProperties = @( + 'connectionName' + 'connectionType' + 'enableSplitTunneling' + 'authenticationMethod' + 'enablePerApp' + 'safariDomains' + 'associatedDomains' + 'excludedDomains' + 'disableOnDemandUserOverride' + 'disconnectOnIdle' + 'proxyServer' + 'optInToDeviceIdSharing' + 'excludeList' + 'microsoftTunnelSiteId' + 'server' + 'customData' + 'customKeyValueData' + 'onDemandRules' + 'targetedMobileApps' + 'version' + 'loginGroupOrDomain' + 'role' + 'realm' + 'identifier' + 'providerType' + 'disconnectOnIdleTimerInSeconds' + 'cloudName' + 'strictEnforcement' + 'userDomain' + ) + + $results = @{'@odata.type' = '#microsoft.graph.iosVpnConfiguration' } + $cloneProperties = $Properties.clone() + foreach ($property in $cloneProperties.Keys) + { + if ($property -in ($additionalProperties) ) + { + $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) + if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*') + { + if ($properties.$property.getType().FullName -like '*[[\]]') + { + $array = @() + foreach ($item in $properties.$property) + { + $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $propertyValue = $array + } + else + { + $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property + } + + } + else + { + $propertyValue = $properties.$property + } + + $results.Add($propertyName, $propertyValue) + } + } + if ($results.Count -eq 1) + { + return $null + } + return $results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/MSFT_IntuneVPNConfigurationPolicyIOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/MSFT_IntuneVPNConfigurationPolicyIOS.schema.mof new file mode 100644 index 0000000000..d5fa99f05f --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/MSFT_IntuneVPNConfigurationPolicyIOS.schema.mof @@ -0,0 +1,101 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule +{ + [Write, Description("Network Service Set Identifiers (SSIDs).")] String ssids[]; + [Write, Description("DNS Search Domains.")] String dnsSearchDomains[]; + [Write, Description("A URL to probe. If this URL is successfully fetched, returning a 200 HTTP status code, without redirection, this rule matches.")] String probeUrl; + [Write, Description("Action. Possible values are: connect, evaluateConnection, ignore, disconnect."), ValueMap{"connect", "evaluateConnection", "ignore", "disconnect"}, Values{"connect", "evaluateConnection", "ignore", "disconnect"}] String action; + [Write, Description("Domain Action, Only applicable when Action is evaluate connection. Possible values are: connectIfNeeded, neverConnect."), ValueMap{"connectIfNeeded", "neverConnect"}, Values{"connectIfNeeded", "neverConnect"}] String domainAction; + [Write, Description("Domains, Only applicable when Action is evaluate connection.")] String domains[]; + [Write, Description("Probe Required URL. Only applicable when Action is evaluate connection and DomainAction is connectIfNeeded.")] String probeRequiredUrl; + [Write, Description("Network interface to trigger VPN. Possible values are: notConfigured, ethernet, wiFi, cellular."), ValueMap{"notConfigured", "ethernet", "wiFi", "cellular"}, Values{"notConfigured", "ethernet", "wiFi", "cellular"}] String interfaceTypeMatch; + [Write, Description("DNS Search Server Address.")] String dnsServerAddressMatch[]; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphVpnServer +{ + [Write, Description("Address (IP address, FQDN or URL)")] String address; + [Write, Description("Description.")] String description; + [Write, Description("Default server.")] Boolean isDefaultServer; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftvpnProxyServer +{ + [Write, Description("Proxy's automatic configuration script url.")] String automaticConfigurationScriptUrl; + [Write, Description("Address.")] String address; + [Write, Description("Port. Valid values 0 to 65535.")] uint32 port; +}; +[ClassVersion("1.0.0")] +class MSFT_targetedMobileApps +{ + [Write, Description("The application name.")] String name; + [Write, Description("The publisher of the application.")] String publisher; + [Write, Description("The Store URL of the application.")] String appStoreUrl; + [Write, Description("The application or bundle identifier of the application.")] String appId; +}; +class MSFT_CustomData +{ + [Write, Description("Key for the custom data entry.")] String key; + [Write, Description("Value for the custom data entry.")] String value; +}; +class MSFT_customKeyValueData +{ + [Write, Description("Name for the custom data entry.")] String name; + [Write, Description("Value for the custom data entry.")] String value; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneVPNConfigurationPolicyIOS")] +class MSFT_IntuneVPNConfigurationPolicyIOS : OMI_BaseResource +{ + [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; + [Write, Description("Connection name displayed to the user.")] String connectionName; + [Write, Description("Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect."), ValueMap{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "customVpn", "ciscoIPSec", "citrix", "ciscoAnyConnectV2", "paloAltoGlobalProtect", "zscalerPrivateAccess", "f5Access2018", "citrixSso", "paloAltoGlobalProtectV2", "ikEv2", "alwaysOn", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}, Values{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "customVpn", "ciscoIPSec", "citrix", "ciscoAnyConnectV2", "paloAltoGlobalProtect", "zscalerPrivateAccess", "f5Access2018", "citrixSso", "paloAltoGlobalProtectV2", "ikEv2", "alwaysOn", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}] String connectionType; + [Write, Description("Send all network traffic through VPN.")] Boolean enableSplitTunneling; + [Write, Description("Authentication method for this VPN connection."), ValueMap{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}, Values{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}] String authenticationMethod; + [Write, Description("Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection.")] String safariDomains[]; + [Write, Description("Associated Domains. These domains will be linked with the VPN configuration.")] String associatedDomains[]; + [Write, Description("Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated.")] String excludedDomains[]; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_MicrosoftvpnProxyServer")] String proxyServer[]; + [Write, Description("Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation.")] Boolean optInToDeviceIdSharing; + [Write, Description("Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta.")] String excludeList[]; + [Write, Description("VPN Server on the network. Make sure end users can access this network location."), EmbeddedInstance("MSFT_MicrosoftGraphvpnServer")] String server[]; + [Write, Description("Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements"), EmbeddedInstance("MSFT_customData")] String customData[]; + [Write, Description("Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements"), EmbeddedInstance("MSFT_customKeyValueData")] String customKeyValueData[]; + [Write, Description("On-Demand Rules. This collection can contain a maximum of 500 elements."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule")] String onDemandRules[]; + [Write, Description("Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta.")] String targetedMobileApps[]; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; + [Write, Description("Version of the device configuration. Inherited from deviceConfiguration.")] uint32 version; + [Write, Description("Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration.")] String loginGroupOrDomain; + [Write, Description("Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration.")] String role; + [Write, Description("Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration.")] String realm; + [Write, Description("Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration.")] String identifier; + [Write, Description("Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration.")] Boolean enablePerApp; + [Write, Description("Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel."), ValueMap{"notConfigured", "appProxy", "packetTunnel"}, Values{"notConfigured", "appProxy", "packetTunnel"}] String providerType; + [Write, Description("Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration.")] Boolean disableOnDemandUserOverride; + [Write, Description("Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration")] Boolean disconnectOnIdle; + [Write, Description("The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration.")] uint32 disconnectOnIdleTimerInSeconds; + [Write, Description("Microsoft Tunnel site ID.")] String microsoftTunnelSiteId; + [Write, Description("Zscaler only. Zscaler cloud which the user is assigned to.")] String cloudName; + [Write, Description("Zscaler only. Blocks network traffic until the user signs into Zscaler app. True means traffic is blocked.")] Boolean strictEnforcement; + [Write, Description("Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead.")] String userDomain; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/readme.md new file mode 100644 index 0000000000..a82c357af2 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/readme.md @@ -0,0 +1,6 @@ + +# IntuneVPNConfigurationPolicyIOS + +## Description + +This resource configures an Intune VPN Configuration Policy for iOS Device. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/settings.json new file mode 100644 index 0000000000..48a95f699a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/settings.json @@ -0,0 +1,44 @@ +{ + "resourceName": "IntuneVPNConfigurationPolicyIOS", + "description": "This resource configures an Intune VPN Configuration Policy for iOS Device.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.psm1 index dcde7e5a1c..85633926f6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -109,8 +109,8 @@ function Get-TargetResource if ($null -eq $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWiFiConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWiFiConfiguration' ` } } #endregion @@ -147,8 +147,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -318,7 +318,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -689,7 +689,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 index b932dcfccb..e040f4a3cc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 @@ -138,8 +138,8 @@ function Get-TargetResource if ($null -eq $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerWiFiConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerWiFiConfiguration' ` } } #endregion @@ -183,8 +183,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -382,7 +382,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -776,7 +776,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 index 7d82dc32fc..ad0a462077 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 @@ -109,8 +109,8 @@ function Get-TargetResource if ($null -ne $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileWiFiConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileWiFiConfiguration' ` } } #endregion @@ -147,8 +147,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -317,7 +317,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -684,7 +684,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index 473d830737..2f64b743c3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -109,8 +109,8 @@ function Get-TargetResource if ($null -eq $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidForWorkWiFiConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidForWorkWiFiConfiguration' ` } } #endregion @@ -147,8 +147,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -317,7 +317,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -683,7 +683,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index c8e7f22270..ff45215fab 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -117,8 +117,8 @@ function Get-TargetResource if ($null -eq $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerWiFiConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerWiFiConfiguration' ` } } #endregion @@ -157,8 +157,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -335,7 +335,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -709,7 +709,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index 9e552fe569..628cd3fc7c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 @@ -134,8 +134,8 @@ function Get-TargetResource if ($null -eq $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosWiFiConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosWiFiConfiguration' ` } } #endregion @@ -178,8 +178,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -764,7 +764,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index 4832a845dd..5fae242f57 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -130,8 +130,8 @@ function Get-TargetResource if ($null -eq $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSWiFiConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSWiFiConfiguration' ` } } #endregion @@ -173,8 +173,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -750,7 +750,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index a547a4a54d..801c8bd986 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -143,8 +143,8 @@ function Get-TargetResource if ($null -eq $getValue) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsWifiConfiguration' ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsWifiConfiguration' ` } } #endregion @@ -189,8 +189,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -793,7 +793,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 index e2f3507941..0bb5e68907 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 @@ -115,7 +115,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -204,9 +204,9 @@ function Get-TargetResource #endregion } $rawAssignments = @() - $rawAssignments = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment -WindowsAutopilotDeploymentProfileId $Id -All + $rawAssignments = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment -WindowsAutopilotDeploymentProfileId $Id -All $assignmentResult = @() - if($null -ne $rawAssignments -and $rawAssignments.count -gt 0) + if ($null -ne $rawAssignments -and $rawAssignments.count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment -Assignments $rawAssignments -IncludeDeviceFilter $false } @@ -352,12 +352,12 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile") + $CreateParameters.Add('@odata.type', '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile') $policy = New-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile -BodyParameter $CreateParameters #endregion #region new Intune assignment management $intuneAssignments = @() - if($null -ne $Assignments -and $Assignments.count -gt 0) + if ($null -ne $Assignments -and $Assignments.count -gt 0) { $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } @@ -388,7 +388,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile') Update-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile ` -WindowsAutopilotDeploymentProfileId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -397,13 +397,13 @@ function Set-TargetResource $currentAssignments = @() $currentAssignments += Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment -WindowsAutopilotDeploymentProfileId $currentInstance.id $intuneAssignments = @() - if($null -ne $Assignments -and $Assignments.count -gt 0) + if ($null -ne $Assignments -and $Assignments.count -gt 0) { $intuneAssignments = ConvertTo-IntunePolicyAssignment -Assignments $Assignments } foreach ($assignment in $intuneAssignments) { - if ( $null -eq ($currentAssignments | Where-Object { $_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties."@odata.type" -eq $assignment.Target.'@odata.type' })) + if ( $null -eq ($currentAssignments | Where-Object { $_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties.'@odata.type' -eq $assignment.Target.'@odata.type' })) { New-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment ` -WindowsAutopilotDeploymentProfileId $currentInstance.id ` @@ -411,10 +411,10 @@ function Set-TargetResource } else { - $currentAssignments = $currentAssignments | Where-Object { -not($_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties."@odata.type" -eq $assignment.Target.'@odata.type') } + $currentAssignments = $currentAssignments | Where-Object { -not($_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties.'@odata.type' -eq $assignment.Target.'@odata.type') } } } - if($currentAssignments.count -gt 0) + if ($currentAssignments.count -gt 0) { foreach ($assignment in $currentAssignments) { @@ -775,7 +775,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 index c0d035c25e..8850cc0c2d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 @@ -111,8 +111,8 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue ` - | Where-Object -FilterScript {$null -ne $_.DisplayName} + $getValue = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue ` + | Where-Object -FilterScript { $null -ne $_.DisplayName } if ($null -eq $getValue) { @@ -124,7 +124,7 @@ function Get-TargetResource -All ` -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue ` - | Where-Object -FilterScript {$null -ne $_.DisplayName} + | Where-Object -FilterScript { $null -ne $_.DisplayName } } } #endregion @@ -134,7 +134,7 @@ function Get-TargetResource return $nullResult } - if($getValue -is [Array]) + if ($getValue -is [Array]) { Throw "The DisplayName {$DisplayName} returned multiple policies, make sure DisplayName is unique." } @@ -208,9 +208,9 @@ function Get-TargetResource } $rawAssignments = @() - $rawAssignments = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment -WindowsAutopilotDeploymentProfileId $Id -All + $rawAssignments = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment -WindowsAutopilotDeploymentProfileId $Id -All $assignmentResult = @() - if($null -ne $rawAssignments -and $rawAssignments.count -gt 0) + if ($null -ne $rawAssignments -and $rawAssignments.count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment -Assignments $rawAssignments -IncludeDeviceFilter $false } @@ -352,13 +352,13 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile") + $CreateParameters.Add('@odata.type', '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile') $policy = New-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile -BodyParameter $CreateParameters #endregion #region new Intune assignment management $intuneAssignments = @() - if($null -ne $Assignments -and $Assignments.count -gt 0) + if ($null -ne $Assignments -and $Assignments.count -gt 0) { $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } @@ -389,7 +389,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile') Update-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile ` -WindowsAutopilotDeploymentProfileId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -400,13 +400,13 @@ function Set-TargetResource $currentAssignments += Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment -WindowsAutopilotDeploymentProfileId $currentInstance.id $intuneAssignments = @() - if($null -ne $Assignments -and $Assignments.count -gt 0) + if ($null -ne $Assignments -and $Assignments.count -gt 0) { $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } foreach ($assignment in $intuneAssignments) { - if ( $null -eq ($currentAssignments | Where-Object { $_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties."@odata.type" -eq $assignment.Target.'@odata.type' })) + if ( $null -eq ($currentAssignments | Where-Object { $_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties.'@odata.type' -eq $assignment.Target.'@odata.type' })) { New-MgBetaDeviceManagementWindowsAutopilotDeploymentProfileAssignment ` -WindowsAutopilotDeploymentProfileId $currentInstance.id ` @@ -414,10 +414,10 @@ function Set-TargetResource } else { - $currentAssignments = $currentAssignments | Where-Object { -not($_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties."@odata.type" -eq $assignment.Target.'@odata.type') } + $currentAssignments = $currentAssignments | Where-Object { -not($_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties.'@odata.type' -eq $assignment.Target.'@odata.type') } } } - if($currentAssignments.count -gt 0) + if ($currentAssignments.count -gt 0) { foreach ($assignment in $currentAssignments) { @@ -572,7 +572,10 @@ function Test-TargetResource -Source ($source) ` -Target ($target) - if (-Not $testResult) { break } + if (-Not $testResult) + { + break + } $ValuesToCheck.Remove($key) | Out-Null } @@ -768,7 +771,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 14e808dc25..e1cc0cf279 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -1261,7 +1261,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10.psm1 index dfb244cf9e..84996211bf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10.psm1 @@ -146,8 +146,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 index 9fdd60d498..6b747bf972 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 @@ -93,7 +93,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementWindowsFeatureUpdateProfile -WindowsFeatureUpdateProfileId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementWindowsFeatureUpdateProfile -WindowsFeatureUpdateProfileId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -105,8 +105,8 @@ function Get-TargetResource -All ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { - $_.DisplayName -eq $DisplayName - } + $_.DisplayName -eq $DisplayName + } } } #endregion @@ -160,8 +160,8 @@ function Get-TargetResource if ($assignmentsValues.Count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment ` - -IncludeDeviceFilter:$true ` - -Assignments ($assignmentsValues) + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -296,8 +296,8 @@ function Set-TargetResource { $BoundParameters.RolloutSettings = @{ OfferStartDateTimeInUTC = $null - OfferEndDateTimeInUTC = $null - OfferIntervalInDays = $null + OfferEndDateTimeInUTC = $null + OfferIntervalInDays = $null } } @@ -607,7 +607,7 @@ function Test-TargetResource if (($offerStartDate -ne [datetime]::MinValue -and $offerStartDate -lt $currentTime) ` -and ($offerEndDate -ne [datetime]::MinValue -and $offerEndDate -lt $currentTime)) { - Write-Verbose -Message "Start and end time are in the past, skip the configuration." + Write-Verbose -Message 'Start and end time are in the past, skip the configuration.' Write-Verbose -Message "Test-TargetResource returned $true" return $true } @@ -641,8 +641,8 @@ function Test-TargetResource if ($testResult -and $offerEndDate -ne [datetime]::MinValue -and $currentOfferEndDate -ne [datetime]::MinValue) { if ($offerStartDate -ne $currentOfferStartDate ` - -and $offerStartDate -gt $currentTime ` - -and $offerStartDate -lt $currentTime.AddDays(2)) + -and $offerStartDate -gt $currentTime ` + -and $offerStartDate -lt $currentTime.AddDays(2)) { Write-Verbose -Message 'OfferStartDateTimeInUTC must be greater than the current time + 2 days to be changable if OfferEndDateTimeInUTC is specified, resetting testResult to true.' $testResult = $true @@ -743,7 +743,7 @@ function Export-TargetResource # [array]$getValue = Get-MgBetaDeviceManagementWindowsFeatureUpdateProfile -Filter $Filter -All -ErrorAction Stop if (-not [string]::IsNullOrEmpty($Filter)) { - Write-Warning -Message "Microsoft Graph filter is not supported on this resource. Only best-effort filtering using startswith, endswith and contains is supported." + Write-Warning -Message 'Microsoft Graph filter is not supported on this resource. Only best-effort filtering using startswith, endswith and contains is supported.' $complexFunctions = Get-ComplexFunctionsFromFilterQuery -FilterQuery $Filter $Filter = Remove-ComplexFunctionsFromFilterQuery -FilterQuery $Filter } @@ -844,7 +844,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/readme.md index 43ba886fcb..4c0c37a44a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/readme.md @@ -7,19 +7,19 @@ Intune Windows Update For Business Feature Update Profile for Windows10 ## RolloutSettings -The RolloutSettings for this resource have the following constraints and notes: +The RolloutSettings for this resource have the following constraints and notes: * When creating a policy: - * If only a start date is specified, then the start date must be at least today. + * If only a start date is specified, then the start date must be at least today. * If the desired state date is before the current date, it will be adjusted to the current date. - * If a start and end date is specified, the start date must be the current date + 2 days, and + * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date. * If the start date is before the current date + 2 days, it will be adjusted to this date. * When updating a policy: - * If only a start date is specified, then the start date must either be the date from the current - configuration or the current date (or later). + * If only a start date is specified, then the start date must either be the date from the current + configuration or the current date (or later). * If the desired state date is before the current date, it will be adjusted to the current date. - * If a start and end date is specified, the start date must be the current date + 2 days, and + * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date. * If the start date is before the current date + 2 days, it will be adjusted to this date. * When testing a policy: diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.psm1 index 6948b0b3ce..7a774e7197 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.psm1 @@ -86,7 +86,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementWindowsQualityUpdateProfile -WindowsQualityUpdateProfileId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementWindowsQualityUpdateProfile -WindowsQualityUpdateProfileId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -97,8 +97,8 @@ function Get-TargetResource $getValue = Get-MgBetaDeviceManagementWindowsQualityUpdateProfile ` -All ` -ErrorAction SilentlyContinue | Where-Object -FilterScript { - $_.DisplayName -eq $DisplayName - } + $_.DisplayName -eq $DisplayName + } } } #endregion @@ -114,7 +114,7 @@ function Get-TargetResource $complexExpeditedUpdateSettings = @{} $complexExpeditedUpdateSettings.Add('DaysUntilForcedReboot', $getValue.ExpeditedUpdateSettings.daysUntilForcedReboot) $complexExpeditedUpdateSettings.Add('QualityUpdateRelease', $getValue.ExpeditedUpdateSettings.qualityUpdateRelease) - if ($complexExpeditedUpdateSettings.values.Where({$null -ne $_}).Count -eq 0) + if ($complexExpeditedUpdateSettings.values.Where({ $null -ne $_ }).Count -eq 0) { $complexExpeditedUpdateSettings = $null } @@ -122,18 +122,18 @@ function Get-TargetResource $results = @{ #region resource generator code - Description = $getValue.Description - DisplayName = $getValue.DisplayName - ExpeditedUpdateSettings = $complexExpeditedUpdateSettings - RoleScopeTagIds = $getValue.RoleScopeTagIds - Id = $getValue.Id - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent + Description = $getValue.Description + DisplayName = $getValue.DisplayName + ExpeditedUpdateSettings = $complexExpeditedUpdateSettings + RoleScopeTagIds = $getValue.RoleScopeTagIds + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent #endregion } @@ -238,7 +238,7 @@ function Set-TargetResource if ($ExpeditedUpdateSettings.DaysUntilForcedReboot -lt 0 -or $ExpeditedUpdateSettings.DaysUntilForcedReboot -gt 2) { - throw "DaysUntilForcedReboot must be between 0 and 2." + throw 'DaysUntilForcedReboot must be between 0 and 2.' } $currentInstance = Get-TargetResource @PSBoundParameters @@ -248,7 +248,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Windows Update For Business Quality Update Profile for Windows10 with DisplayName {$DisplayName}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $createParameters = ([Hashtable]$BoundParameters).clone() $createParameters = Rename-M365DSCCimInstanceParameter -Properties $createParameters @@ -278,7 +278,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Windows Update For Business Quality Update Profile for Windows10 with Id {$($currentInstance.Id)}" - $BoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null $updateParameters = ([Hashtable]$BoundParameters).clone() $updateParameters = Rename-M365DSCCimInstanceParameter -Properties $updateParameters @@ -394,7 +394,7 @@ function Test-TargetResource if ($ExpeditedUpdateSettings.DaysUntilForcedReboot -lt 0 -or $ExpeditedUpdateSettings.DaysUntilForcedReboot -gt 2) { - throw "DaysUntilForcedReboot must be between 0 and 2." + throw 'DaysUntilForcedReboot must be between 0 and 2.' } Write-Verbose -Message "Testing configuration of the Intune Windows Update For Business Quality Update Profile for Windows10 with Id {$Id} and DisplayName {$DisplayName}" @@ -509,7 +509,7 @@ function Export-TargetResource # [array]$getValue = Get-MgBetaDeviceManagementWindowsQualityUpdateProfile -Filter $Filter -All -ErrorAction Stop if (-not [string]::IsNullOrEmpty($Filter)) { - Write-Warning -Message "Microsoft Graph filter is not supported on this resource. Only best-effort filtering using startswith, endswith and contains is supported." + Write-Warning -Message 'Microsoft Graph filter is not supported on this resource. Only best-effort filtering using startswith, endswith and contains is supported.' $complexFunctions = Get-ComplexFunctionsFromFilterQuery -FilterQuery $Filter $Filter = Remove-ComplexFunctionsFromFilterQuery -FilterQuery $Filter } @@ -536,16 +536,16 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Id = $config.Id - DisplayName = $config.DisplayName - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -586,12 +586,12 @@ function Export-TargetResource -Credential $Credential if ($Results.ExpeditedUpdateSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ExpeditedUpdateSettings" -IsCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ExpeditedUpdateSettings' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/settings.json index 836f8affe2..a5f0fc4fc6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/settings.json @@ -1,41 +1,41 @@ { - "resourceName":"IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10", - "description":"This resource configures an Intune Windows Update For Business Quality Update Profile for Windows10.", - "permissions":{ - "graph":{ - "delegated":{ - "read":[ + "resourceName": "IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10", + "description": "This resource configures an Intune Windows Update For Business Quality Update Profile for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.Read.All" + "name": "DeviceManagementConfiguration.Read.All" } ], - "update":[ + "update": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.ReadWrite.All" + "name": "DeviceManagementConfiguration.ReadWrite.All" } ] }, - "application":{ - "read":[ + "application": { + "read": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.Read.All" + "name": "DeviceManagementConfiguration.Read.All" } ], - "update":[ + "update": [ { "name": "Group.Read.All" }, { - "name":"DeviceManagementConfiguration.ReadWrite.All" + "name": "DeviceManagementConfiguration.ReadWrite.All" } ] } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 index 8c0c75447f..c6f949c65e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 @@ -223,7 +223,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -419,9 +419,9 @@ function Get-TargetResource } $rawAssignments = @() - $rawAssignments = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id -All + $rawAssignments = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id -All $assignmentResult = @() - if($null -ne $rawAssignments -and $rawAssignments.count -gt 0) + if ($null -ne $rawAssignments -and $rawAssignments.count -gt 0) { $assignmentResult += ConvertFrom-IntunePolicyAssignment -Assignments $rawAssignments } @@ -684,12 +684,12 @@ function Set-TargetResource } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsUpdateForBusinessConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsUpdateForBusinessConfiguration') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters #endregion #region new Intune assignment management $intuneAssignments = @() - if($null -ne $Assignments -and $Assignments.count -gt 0) + if ($null -ne $Assignments -and $Assignments.count -gt 0) { $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } @@ -720,7 +720,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsUpdateForBusinessConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsUpdateForBusinessConfiguration') Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.id ` -BodyParameter $UpdateParameters @@ -730,13 +730,13 @@ function Set-TargetResource $currentAssignments += Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $currentInstance.id $intuneAssignments = @() - if($null -ne $Assignments -and $Assignments.count -gt 0) + if ($null -ne $Assignments -and $Assignments.count -gt 0) { $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } foreach ($assignment in $intuneAssignments) { - if ( $null -eq ($currentAssignments | Where-Object { $_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties."@odata.type" -eq $assignment.Target.'@odata.type' })) + if ( $null -eq ($currentAssignments | Where-Object { $_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties.'@odata.type' -eq $assignment.Target.'@odata.type' })) { New-MgBetaDeviceManagementDeviceConfigurationAssignment ` -DeviceConfigurationId $currentInstance.id ` @@ -744,10 +744,10 @@ function Set-TargetResource } else { - $currentAssignments = $currentAssignments | Where-Object { -not($_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties."@odata.type" -eq $assignment.Target.'@odata.type') } + $currentAssignments = $currentAssignments | Where-Object { -not($_.Target.AdditionalProperties.groupId -eq $assignment.Target.groupId -and $_.Target.AdditionalProperties.'@odata.type' -eq $assignment.Target.'@odata.type') } } } - if($currentAssignments.count -gt 0) + if ($currentAssignments.count -gt 0) { foreach ($assignment in $currentAssignments) { @@ -1004,7 +1004,10 @@ function Test-TargetResource -Source ($source) ` -Target ($target) - if (-Not $testResult) { break } + if (-Not $testResult) + { + break + } $ValuesToCheck.Remove($key) | Out-Null } @@ -1185,7 +1188,7 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Request not applicable to target tenant*") + $_.Exception -like '*Request not applicable to target tenant*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 index 8ada1a8d24..1fc4de20b4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 @@ -162,12 +162,15 @@ function Test-TargetResource TenantId = $PSBoundParameters.TenantId CertificateThumbprint = $PSBoundParameters.CertificateThumbprint ManagedIdentity = $PSBoundParameters.ManagedIdentity - AccessTokens = $AccessTokens } if ($null -ne $PSBoundParameters.ApplicationSecret) { - $params.Add("ApplicationSecret", $PSBoundParameters.ApplicationSecret) + $params.Add('ApplicationSecret', $PSBoundParameters.ApplicationSecret) + } + if ($null -ne $PSBoundParameters.AccessTokens) + { + $params.Add('AccessTokens', $PSBoundParameters.AccessTokens) } Write-Verbose -Message "Importing module from Path {$($module)}" @@ -199,11 +202,11 @@ function Test-TargetResource M365TenantConfig -ConfigurationData .\ConfigurationData.psd1 "@ - Write-Verbose -Message "Converting the retrieved instances into DSC Objects" + Write-Verbose -Message 'Converting the retrieved instances into DSC Objects' $DSCConvertedInstances = ConvertTo-DSCObject -Content $DSCStringContent Write-Verbose -Message "Successfully converted {$($DSCConvertedInstances.Length)} DSC Objects." - Write-Verbose -Message "Querying DSC Objects for invalid instances based on the specified Rule Definition." + Write-Verbose -Message 'Querying DSC Objects for invalid instances based on the specified Rule Definition.' if ($RuleDefinition -eq '*') { [Array]$instances = $DSCConvertedInstances @@ -219,24 +222,24 @@ function Test-TargetResource $result = ($instances.Length - $DSCConvertedInstances.Length) -eq 0 $message = [System.Text.StringBuilder]::New() - [void]$message.AppendLine("") + [void]$message.AppendLine('') [void]$message.AppendLine(" $ResourceTypeName") [void]$message.AppendLine(" $RuleDefinition") if ($instances.Length -eq 0) { [array]$invalidInstances = $DSCConvertedInstances.ResourceInstanceName - [void]$message.AppendLine(" ") - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') + [void]$message.AppendLine(' ') } else { if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery)) { - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') [void]$message.AppendLine(" $AfterRuleCountQuery") - Write-Verbose -Message "Checking the After Rule Count Query" + Write-Verbose -Message 'Checking the After Rule Count Query' $afterRuleCountQueryString = "`$instances.Length $AfterRuleCountQuery" $afterRuleCountQueryBlock = [Scriptblock]::Create($afterRuleCountQueryString) $result = [Boolean](Invoke-Command -ScriptBlock $afterRuleCountQueryBlock) @@ -245,37 +248,37 @@ function Test-TargetResource if (-not $result) { - [void]$message.AppendLine(" False") - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' False') + [void]$message.AppendLine(' ') if ($validInstances.Count -gt 0) { - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') foreach ($validInstance in $validInstances) { [void]$message.AppendLine(" [$ResourceTypeName]$validInstance") } - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') } else { - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') } } else { - [void]$message.AppendLine(" True") - [void]$message.AppendLine(" ") - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' True') + [void]$message.AppendLine(' ') + [void]$message.AppendLine(' ') foreach ($validInstance in $validInstances) { [void]$message.AppendLine(" [$ResourceTypeName]$validInstance") } - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') } } else { - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') $compareInstances = @() $compareInstances += Compare-Object -ReferenceObject $DSCConvertedInstances.ResourceInstanceName -DifferenceObject $instances.ResourceInstanceName -IncludeEqual @@ -292,16 +295,16 @@ function Test-TargetResource if ($validInstances.Count -gt 0) { - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') foreach ($validInstance in $validInstances) { [void]$message.AppendLine(" [$ResourceTypeName]$validInstance") } - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') } else { - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') } } } @@ -309,18 +312,18 @@ function Test-TargetResource # Log drifts for each invalid instances found. if ($invalidInstances.Count -gt 0) { - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') foreach ($invalidInstance in $invalidInstances) { [void]$message.AppendLine(" [$ResourceTypeName]$invalidInstance") } - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') } else { - [void]$message.AppendLine(" ") + [void]$message.AppendLine(' ') } - [void]$message.AppendLine("") + [void]$message.AppendLine('') $Parameters = @{ Message = $message.ToString() diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/MSFT_O365ExternalConnection.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/MSFT_O365ExternalConnection.psm1 index fd8834c6c3..2b8e1597e2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/MSFT_O365ExternalConnection.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365ExternalConnection/MSFT_O365ExternalConnection.psm1 @@ -73,12 +73,12 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Id)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } if ($null -eq $instance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } } else @@ -223,9 +223,9 @@ function Set-TargetResource } } $body = @{ - id = $Id - name = $Name - description = $Description + id = $Id + name = $Name + description = $Description configuration = @{ AuthorizedAppIds = $AuthorizedAppIdsValue } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 index 8d6020d84d..3533a0e8a9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 @@ -581,7 +581,8 @@ function Export-TargetResource All = [switch]$true ErrorAction = 'Stop' } - if ($Filter -like "*endsWith*") { + if ($Filter -like '*endsWith*') + { $ExportParameters.Add('CountVariable', 'count') $ExportParameters.Add('ConsistencyLevel', 'eventual') } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index 2381352852..da043b7400 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -163,7 +163,7 @@ function Get-TargetResource # Workaround for issue when if connected to S+C prior to calling cmdlet, an error about an invalid token is thrown. # If connected to S+C, then we need to re-initialize the connection to EXO. if ($Global:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Connected -and ` - $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Connected) + $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Connected) { $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Disconnect() $Global:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Connected = $false @@ -204,7 +204,7 @@ function Get-TargetResource $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled' -ErrorAction SilentlyContinue if ($null -eq $M365WebEnableUsersToOpenFilesFrom3PStorageValue) { - Write-Verbose -Message "Registering the Office on the web Service Principal" + Write-Verbose -Message 'Registering the Office on the web Service Principal' New-MgServicePrincipal -AppId 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' -ErrorAction Stop | Out-Null $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled' -ErrorAction SilentlyContinue } @@ -308,7 +308,7 @@ function Get-TargetResource $servicePrincipal = Get-MgServicePrincipal -Filter "appid eq 'ebe0c285-db95-403f-a1a3-a793bd6d7767'" if ($null -eq $servicePrincipal) { - Write-Verbose -Message "Registering the MRO Device Manager Service Principal" + Write-Verbose -Message 'Registering the MRO Device Manager Service Principal' New-MgServicePrincipal -AppId 'ebe0c285-db95-403f-a1a3-a793bd6d7767' -ErrorAction Stop | Out-Null } } @@ -359,13 +359,13 @@ function Get-TargetResource if ($null -ne $FormsSettings) { $results += @{ - FormsIsExternalSendFormEnabled = $FormsSettings.isExternalSendFormEnabled - FormsIsExternalShareCollaborationEnabled = $FormsSettings.isExternalShareCollaborationEnabled - FormsIsExternalShareResultEnabled = $FormsSettings.isExternalShareResultEnabled - FormsIsExternalShareTemplateEnabled = $FormsSettings.isExternalShareTemplateEnabled - FormsIsRecordIdentityByDefaultEnabled = $FormsSettings.isRecordIdentityByDefaultEnabled - FormsIsBingImageSearchEnabled = $FormsSettings.isBingImageSearchEnabled - FormsIsInOrgFormsPhishingScanEnabled = $FormsSettings.isInOrgFormsPhishingScanEnabled + FormsIsExternalSendFormEnabled = $FormsSettings.isExternalSendFormEnabled + FormsIsExternalShareCollaborationEnabled = $FormsSettings.isExternalShareCollaborationEnabled + FormsIsExternalShareResultEnabled = $FormsSettings.isExternalShareResultEnabled + FormsIsExternalShareTemplateEnabled = $FormsSettings.isExternalShareTemplateEnabled + FormsIsRecordIdentityByDefaultEnabled = $FormsSettings.isRecordIdentityByDefaultEnabled + FormsIsBingImageSearchEnabled = $FormsSettings.isBingImageSearchEnabled + FormsIsInOrgFormsPhishingScanEnabled = $FormsSettings.isInOrgFormsPhishingScanEnabled } } @@ -385,8 +385,8 @@ function Get-TargetResource if ($null -ne $AppsAndServicesSettings) { $results += @{ - AppsAndServicesIsOfficeStoreEnabled = $AppsAndServicesSettings.isOfficeStoreEnabled - AppsAndServicesIsAppAndServicesTrialEnabled = $AppsAndServicesSettings.IsAppAndServicesTrialEnabled + AppsAndServicesIsOfficeStoreEnabled = $AppsAndServicesSettings.isOfficeStoreEnabled + AppsAndServicesIsAppAndServicesTrialEnabled = $AppsAndServicesSettings.IsAppAndServicesTrialEnabled } } @@ -395,9 +395,9 @@ function Get-TargetResource if ($null -ne $ToDoSettings) { $results += @{ - ToDoIsPushNotificationEnabled = $ToDoSettings.IsPushNotificationEnabled - ToDoIsExternalJoinEnabled = $ToDoSettings.IsExternalJoinEnabled - ToDoIsExternalShareEnabled = $ToDoSettings.IsExternalShareEnabled + ToDoIsPushNotificationEnabled = $ToDoSettings.IsPushNotificationEnabled + ToDoIsExternalJoinEnabled = $ToDoSettings.IsExternalJoinEnabled + ToDoIsExternalShareEnabled = $ToDoSettings.IsExternalShareEnabled } } @@ -597,7 +597,7 @@ function Set-TargetResource Write-Verbose -Message "Updating the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}" $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id' - Update-MgservicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` + Update-MgServicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` -AccountEnabled:$M365WebEnableUsersToOpenFilesFrom3PStorage } if ($PSBoundParameters.ContainsKey('PlannerAllowCalendarSharing') -and ` @@ -624,7 +624,7 @@ function Set-TargetResource # Microsoft Viva Briefing Email if ($null -ne $MicrosoftVivaBriefingEmail) { - Write-Verbose -Message "DEPRECATED - The MicrosoftVivaBriefingEmail parameter is deprecated and will be ignored." + Write-Verbose -Message 'DEPRECATED - The MicrosoftVivaBriefingEmail parameter is deprecated and will be ignored.' } #$briefingValue = 'opt-out' @@ -639,29 +639,29 @@ function Set-TargetResource if ($PSBoundParameters.ContainsKey('VivaInsightsWebExperience') -and ` ($currentValues.VivaInsightsWebExperience -ne $VivaInsightsWebExperience)) { - Write-Verbose -Message "Updating Viva Insights settings for Web Experience" - Set-DefaultTenantMyAnalyticsFeatureConfig -Feature "Dashboard" -IsEnabled $VivaInsightsWebExperience -Verbose:$false | Out-Null + Write-Verbose -Message 'Updating Viva Insights settings for Web Experience' + Set-DefaultTenantMyAnalyticsFeatureConfig -Feature 'Dashboard' -IsEnabled $VivaInsightsWebExperience -Verbose:$false | Out-Null } if ($PSBoundParameters.ContainsKey('VivaInsightsDigestEmail') -and ` ($currentValues.VivaInsightsDigestEmail -ne $VivaInsightsDigestEmail)) { - Write-Verbose -Message "Updating Viva Insights settings for Digest Email" - Set-DefaultTenantMyAnalyticsFeatureConfig -Feature "Digest-email" -IsEnabled $VivaInsightsDigestEmail -Verbose:$false | Out-Null + Write-Verbose -Message 'Updating Viva Insights settings for Digest Email' + Set-DefaultTenantMyAnalyticsFeatureConfig -Feature 'Digest-email' -IsEnabled $VivaInsightsDigestEmail -Verbose:$false | Out-Null } if ($PSBoundParameters.ContainsKey('VivaInsightsOutlookAddInAndInlineSuggestions') -and ` ($currentValues.VivaInsightsOutlookAddInAndInlineSuggestions -ne $VivaInsightsOutlookAddInAndInlineSuggestions)) { - Write-Verbose -Message "Updating Viva Insights settings for Addin and Inline Suggestions" - Set-DefaultTenantMyAnalyticsFeatureConfig -Feature "Add-In" -IsEnabled $VivaInsightsOutlookAddInAndInlineSuggestions -Verbose:$false | Out-Null + Write-Verbose -Message 'Updating Viva Insights settings for Addin and Inline Suggestions' + Set-DefaultTenantMyAnalyticsFeatureConfig -Feature 'Add-In' -IsEnabled $VivaInsightsOutlookAddInAndInlineSuggestions -Verbose:$false | Out-Null } if ($PSBoundParameters.ContainsKey('VivaInsightsScheduleSendSuggestions') -and ` ($currentValues.VivaInsightsScheduleSendSuggestions -ne $VivaInsightsScheduleSendSuggestions)) { - Write-Verbose -Message "Updating Viva Insights settings for ScheduleSendSuggestions" - Set-DefaultTenantMyAnalyticsFeatureConfig -Feature "Scheduled-send" -IsEnabled $VivaInsightsScheduleSendSuggestions -Verbose:$false | Out-Null + Write-Verbose -Message 'Updating Viva Insights settings for ScheduleSendSuggestions' + Set-DefaultTenantMyAnalyticsFeatureConfig -Feature 'Scheduled-send' -IsEnabled $VivaInsightsScheduleSendSuggestions -Verbose:$false | Out-Null } # Reports Display Names @@ -674,29 +674,29 @@ function Set-TargetResource } # Apps Installation - if (($PSBoundParameters.ContainsKey("InstallationOptionsAppsForWindows") -or ` - $PSBoundParameters.ContainsKey("InstallationOptionsAppsForMac")) -and ` + if (($PSBoundParameters.ContainsKey('InstallationOptionsAppsForWindows') -or ` + $PSBoundParameters.ContainsKey('InstallationOptionsAppsForMac')) -and ` ($null -ne (Compare-Object -ReferenceObject $currentValues.InstallationOptionsAppsForWindows -DifferenceObject $InstallationOptionsAppsForWindows) -or ` - $null -ne (Compare-Object -ReferenceObject $currentValues.InstallationOptionsAppsForMac -DifferenceObject $InstallationOptionsAppsForMac))) + $null -ne (Compare-Object -ReferenceObject $currentValues.InstallationOptionsAppsForMac -DifferenceObject $InstallationOptionsAppsForMac))) { $ConnectionModeTasks = New-M365DSCConnection -Workload 'Tasks' ` -InboundParameters $PSBoundParameters $InstallationOptions = Get-M365DSCOrgSettingsInstallationOptions -AuthenticationOption $ConnectionModeTasks $InstallationOptionsToUpdate = @{ - updateChannel = "" + updateChannel = '' appsForWindows = @{ isMicrosoft365AppsEnabled = $false isProjectEnabled = $false isSkypeForBusinessEnabled = $false isVisioEnabled = $false } - appsForMac = @{ + appsForMac = @{ isMicrosoft365AppsEnabled = $false isSkypeForBusinessEnabled = $false } } - if ($PSBoundParameters.ContainsKey("InstallationOptionsUpdateChannel") -and ` + if ($PSBoundParameters.ContainsKey('InstallationOptionsUpdateChannel') -and ` ($InstallationOptionsUpdateChannel -ne $InstallationOptions.updateChannel)) { $InstallationOptionsToUpdate.updateChannel = $InstallationOptionsUpdateChannel @@ -706,7 +706,7 @@ function Set-TargetResource $InstallationOptionsToUpdate.Remove('updateChannel') | Out-Null } - if ($PSBoundParameters.ContainsKey("InstallationOptionsAppsForWindows")) + if ($PSBoundParameters.ContainsKey('InstallationOptionsAppsForWindows')) { foreach ($key in $InstallationOptionsAppsForWindows) { @@ -718,7 +718,7 @@ function Set-TargetResource $InstallationOptionsToUpdate.Remove('appsForWindows') | Out-Null } - if ($PSBoundParameters.ContainsKey("InstallationOptionsAppsForMac")) + if ($PSBoundParameters.ContainsKey('InstallationOptionsAppsForMac')) { foreach ($key in $InstallationOptionsAppsForMac) { @@ -1017,7 +1017,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - $ValuesToCheck.Remove("MicrosoftVivaBriefingEmail") | Out-Null + $ValuesToCheck.Remove('MicrosoftVivaBriefingEmail') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" @@ -1139,10 +1139,10 @@ function Get-M365DSCO365OrgSettingsPlannerConfig try { - $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + "/taskAPI/tenantAdminSettings/Settings"; + $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + '/taskAPI/tenantAdminSettings/Settings' [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 - $results = Invoke-RestMethod -ContentType "application/json;odata.metadata=full" ` - -Headers @{"Accept"="application/json"; "Authorization"=$Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; "Accept-Charset"="UTF-8"; "OData-Version"="4.0;NetFx"; "OData-MaxVersion"="4.0;NetFx"} ` + $results = Invoke-RestMethod -ContentType 'application/json;odata.metadata=full' ` + -Headers @{'Accept' = 'application/json'; 'Authorization' = $Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` -Method GET ` $Uri -ErrorAction Stop return $results @@ -1151,11 +1151,11 @@ function Get-M365DSCO365OrgSettingsPlannerConfig { if ($_.Exception.Message -eq 'The request was aborted: Could not create SSL/TLS secure channel.') { - Write-Warning -Message "Could not create SSL/TLS secure channel. Skipping the Planner settings." + Write-Warning -Message 'Could not create SSL/TLS secure channel. Skipping the Planner settings.' } else { - Write-Verbose -Message "Not able to retrieve Office 365 Planner Settings. Please ensure correct permissions have been granted." + Write-Verbose -Message 'Not able to retrieve Office 365 Planner Settings. Please ensure correct permissions have been granted.' New-M365DSCLogEntry -Message 'Error updating Office 365 Planner Settings' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` @@ -1182,9 +1182,9 @@ function Set-M365DSCO365OrgSettingsPlannerConfig } $requestBody = $flags | ConvertTo-Json - $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + "/taskAPI/tenantAdminSettings/Settings"; - $results = Invoke-RestMethod -ContentType "application/json;odata.metadata=full" ` - -Headers @{"Accept"="application/json"; "Authorization"=$Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; "Accept-Charset"="UTF-8"; "OData-Version"="4.0;NetFx"; "OData-MaxVersion"="4.0;NetFx"} ` + $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + '/taskAPI/tenantAdminSettings/Settings' + $results = Invoke-RestMethod -ContentType 'application/json;odata.metadata=full' ` + -Headers @{'Accept' = 'application/json'; 'Authorization' = $Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` -Method PATCH ` -Body $requestBody ` $Uri @@ -1209,7 +1209,7 @@ function Get-M365DSCOrgSettingsInstallationOptions } catch { - Write-Verbose -Message "Not able to retrieve Office 365 Apps Installation Options. Please ensure correct permissions have been granted." + Write-Verbose -Message 'Not able to retrieve Office 365 Apps Installation Options. Please ensure correct permissions have been granted.' return $null } } @@ -1241,8 +1241,8 @@ function Update-M365DSCOrgSettingsInstallationOptions if ($AuthenticationOption -eq 'Credentials') { $errorMessage = "You don't have the proper permissions to update the Office 365 Apps Installation Options." ` - + " When using Credentials to authenticate, you need to grant permissions to the Microsoft Graph PowerShell SDK by running" ` - + " Connect-MgGraph -Scopes OrgSettings-Microsoft365Install.ReadWrite.All" + + ' When using Credentials to authenticate, you need to grant permissions to the Microsoft Graph PowerShell SDK by running' ` + + ' Connect-MgGraph -Scopes OrgSettings-Microsoft365Install.ReadWrite.All' Write-Error -Message $errorMessage } } @@ -1264,7 +1264,7 @@ function Get-M365DSCOrgSettingsForms } catch { - Write-Verbose -Message "Not able to retrieve O365OrgSettings Forms Settings. Please ensure correct permissions have been granted." + Write-Verbose -Message 'Not able to retrieve O365OrgSettings Forms Settings. Please ensure correct permissions have been granted.' return $null } } @@ -1282,7 +1282,7 @@ function Update-M365DSCOrgSettingsForms try { - Write-Verbose -Message "Updating Forms Settings" + Write-Verbose -Message 'Updating Forms Settings' $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/forms/settings' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null } @@ -1311,7 +1311,7 @@ function Get-M365DSCOrgSettingsDynamicsCustomerVoice } catch { - Write-Verbose -Message "Not able to retrieve O365OrgSettings Dynamics Customer Voice Settings. Please ensure correct permissions have been granted." + Write-Verbose -Message 'Not able to retrieve O365OrgSettings Dynamics Customer Voice Settings. Please ensure correct permissions have been granted.' return $null } } @@ -1357,7 +1357,7 @@ function Get-M365DSCOrgSettingsAppsAndServices } catch { - Write-Verbose -Message "Not able to retrieve O365OrgSettings Apps and Services Settings. Please ensure correct permissions have been granted." + Write-Verbose -Message 'Not able to retrieve O365OrgSettings Apps and Services Settings. Please ensure correct permissions have been granted.' return $null } } @@ -1402,7 +1402,7 @@ function Get-M365DSCOrgSettingsToDo } catch { - Write-Verbose -Message "Not able to retrieve ToDo settings. Please ensure correct permissions have been granted." + Write-Verbose -Message 'Not able to retrieve ToDo settings. Please ensure correct permissions have been granted.' return $null } } @@ -1449,7 +1449,7 @@ function Get-M365DSCOrgSettingsAdminCenterReport } catch { - Write-Verbose -Message "Not able to retrieve Office 365 Report Settings. Please ensure correct permissions have been granted." + Write-Verbose -Message 'Not able to retrieve Office 365 Report Settings. Please ensure correct permissions have been granted.' return $null } } @@ -1466,7 +1466,7 @@ function Update-M365DSCOrgSettingsAdminCenterReport $VerbosePreference = 'SilentlyContinue' $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/reportSettings' $body = @{ - "@odata.context" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/$metadata#admin/reportSettings/$entity' + '@odata.context' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/$metadata#admin/reportSettings/$entity' displayConcealedNames = $DisplayConcealedNames } Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $body | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 index 530689c86a..b31439d5bb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 @@ -83,7 +83,7 @@ function Get-TargetResource { if ($_.Exception.Message -eq "[BadRequest] : Resource not found for the segment 'peopleInsights'.") { - Write-Warning -Message "The peopleInsights segment is not available in the selected environment." + Write-Warning -Message 'The peopleInsights segment is not available in the selected environment.' } } @@ -170,7 +170,7 @@ function Set-TargetResource OrganizationId = $TenantId IsEnabledInOrganization = $ItemInsightsIsEnabledInOrganization } - if ($PSBoundParameters.ContainsKey("ItemInsightsDisabledForGroup")) + if ($PSBoundParameters.ContainsKey('ItemInsightsDisabledForGroup')) { $disabledForGroupValue = $null try @@ -186,9 +186,9 @@ function Set-TargetResource -TenantId $TenantId ` -Credential $Credential } - $ItemInsightsUpdateParams.Add("DisabledForGroup", $disabledForGroupValue) + $ItemInsightsUpdateParams.Add('DisabledForGroup', $disabledForGroupValue) } - Write-Verbose -Message "Updating settings for Item Insights" + Write-Verbose -Message 'Updating settings for Item Insights' Update-MgBetaOrganizationSettingItemInsight @ItemInsightsUpdateParams | Out-Null #endregion @@ -197,7 +197,7 @@ function Set-TargetResource OrganizationId = $TenantId IsEnabledInOrganization = $ItemInsightsIsEnabledInOrganization } - if ($PSBoundParameters.ContainsKey("PersonInsightsDisabledForGroup")) + if ($PSBoundParameters.ContainsKey('PersonInsightsDisabledForGroup')) { $disabledForGroupValue = $null try @@ -213,10 +213,10 @@ function Set-TargetResource -TenantId $TenantId ` -Credential $Credential } - $PersonInsightsUpdateParams.Add("DisabledForGroup", $disabledForGroupValue) + $PersonInsightsUpdateParams.Add('DisabledForGroup', $disabledForGroupValue) } - Write-Verbose -Message "Updating settings for Person Insights" + Write-Verbose -Message 'Updating settings for Person Insights' Update-MgBetaOrganizationSettingPersonInsight @PersonInsightsUpdateParams | Out-Null #endregion } @@ -323,9 +323,9 @@ function Export-TargetResource } $Params = @{ - IsSingleInstance = 'Yes' - Credential = $Credential - AccessTokens = $AccessTokens + IsSingleInstance = 'Yes' + Credential = $Credential + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPAdminDLPPolicy/MSFT_PPAdminDLPPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPAdminDLPPolicy/MSFT_PPAdminDLPPolicy.psm1 index bb6bde14be..db16bfe125 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPAdminDLPPolicy/MSFT_PPAdminDLPPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPAdminDLPPolicy/MSFT_PPAdminDLPPolicy.psm1 @@ -72,12 +72,12 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($PolicyName)) { - $instances = $Script:exportedInstances | Where-Object -FilterScript {$_.PolicyName -eq $PolicyName} + $instances = $Script:exportedInstances | Where-Object -FilterScript { $_.PolicyName -eq $PolicyName } } if ($null -eq $instance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } } else @@ -89,7 +89,7 @@ function Get-TargetResource if ($null -eq $instance) { - $instance = Get-AdminDlpPolicy | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + $instance = Get-AdminDlpPolicy | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } } if ($null -eq $instance) @@ -197,7 +197,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating new Data Policy {$DisplayName}" - $policy = New-AdminDLPPolicy -DisplayName $DisplayName + $policy = New-AdminDlpPolicy -DisplayName $DisplayName $policyName = $policy.PolicyName } if ($setParameters.ContainsKey('PolicyName')) @@ -206,7 +206,7 @@ function Set-TargetResource } else { - $setParameters.Add("PolicyName", $policyName) + $setParameters.Add('PolicyName', $policyName) } # UPDATE @@ -220,13 +220,13 @@ function Set-TargetResource $setParameters.Environments = ($setParameters.Environments -join ',') } Write-Verbose -Message "Updating Data Policy {$DisplayName} with values:`r`n$(Convert-M365DscHashtableToString -Hashtable $setParameters)" - Set-AdminDLPPolicy @setParameters + Set-AdminDlpPolicy @setParameters } # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing Data Policy {$DisplayName}" - Remove-AdminDLPPolicy -PolicyName $policyName + Remove-AdminDlpPolicy -PolicyName $policyName } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPDLPPolicyConnectorConfigurations/MSFT_PPDLPPolicyConnectorConfigurations.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPDLPPolicyConnectorConfigurations/MSFT_PPDLPPolicyConnectorConfigurations.psm1 index ea6471b259..2a56387cc8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPDLPPolicyConnectorConfigurations/MSFT_PPDLPPolicyConnectorConfigurations.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPDLPPolicyConnectorConfigurations/MSFT_PPDLPPolicyConnectorConfigurations.psm1 @@ -65,15 +65,15 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' try { - $policy = Get-AdminDlpPolicy | Where-Object -FilterScript {$_.DisplayName -eq $PolicyName} + $policy = Get-AdminDlpPolicy | Where-Object -FilterScript { $_.DisplayName -eq $PolicyName } if ($null -eq $policy) { return $nullResult } - $ActionList = Get-PowerAppDlpPolicyConnectorConfigurations -TenantID $PPTenantId ` - -PolicyName $($policy.PolicyName) + $ActionList = Get-PowerAppDlpPolicyConnectorConfigurations -TenantId $PPTenantId ` + -PolicyName $($policy.PolicyName) $ActionsValue = @() foreach ($action in $ActionList.connectorActionConfigurations) { @@ -95,16 +95,16 @@ function Get-TargetResource } $results = @{ - PPTenantId = $PPTenantId - PolicyName = $PolicyName - ConnectorActionConfigurations = $ActionsValue - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + PPTenantId = $PPTenantId + PolicyName = $PolicyName + ConnectorActionConfigurations = $ActionsValue + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } @@ -183,7 +183,7 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $policy = Get-AdminDlpPolicy | Where-Object -FilterScript {$_.DisplayName -eq $PolicyName} + $policy = Get-AdminDlpPolicy | Where-Object -FilterScript { $_.DisplayName -eq $PolicyName } $policyNameValue = $policy.PolicyName # CREATE @@ -215,9 +215,9 @@ function Set-TargetResource Write-Verbose -Message "Setting Connector Configuration for Policy {$($PolicyNameValue)} with parameters:`r`n$payload" New-PowerAppDlpPolicyConnectorConfigurations -TenantId $PPTenantId ` - -PolicyName $policyNameValue ` - -NewDlpPolicyConnectorConfigurations $body ` - -Verbose + -PolicyName $policyNameValue ` + -NewDlpPolicyConnectorConfigurations $body ` + -Verbose } # REMOVE elseif ($Ensure -eq 'Absent') @@ -400,14 +400,14 @@ function Export-TargetResource } Write-Host " |---[$i/$($policies.Count)] $($policy.DisplayName)" -NoNewline $params = @{ - PPTenantId = $tenantInfo.TenantId - PolicyName = $policy.DisplayName - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + PPTenantId = $tenantInfo.TenantId + PolicyName = $policy.DisplayName + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -418,9 +418,9 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'actionRules' + Name = 'actionRules' CimInstanceName = 'PPDLPPolicyConnectorConfigurationsActionRules' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppPolicyUrlPatterns/MSFT_PPPowerAppPolicyUrlPatterns.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppPolicyUrlPatterns/MSFT_PPPowerAppPolicyUrlPatterns.psm1 index fc0895a29b..602805cb67 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppPolicyUrlPatterns/MSFT_PPPowerAppPolicyUrlPatterns.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppPolicyUrlPatterns/MSFT_PPPowerAppPolicyUrlPatterns.psm1 @@ -65,15 +65,15 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' try { - $policy = Get-AdminDlpPolicy | Where-Object -FilterScript {$_.DisplayName -eq $PolicyName} + $policy = Get-AdminDlpPolicy | Where-Object -FilterScript { $_.DisplayName -eq $PolicyName } if ($null -eq $policy) { return $nullResult } - $rules = Get-PowerAppPolicyUrlPatterns -TenantID $PPTenantId ` - -PolicyName $($policy.PolicyName) + $rules = Get-PowerAppPolicyUrlPatterns -TenantId $PPTenantId ` + -PolicyName $($policy.PolicyName) $RulesValue = @() foreach ($rule in $rules.rules) { @@ -85,16 +85,16 @@ function Get-TargetResource } $results = @{ - PPTenantId = $PPTenantId - PolicyName = $PolicyName - RuleSet = $RulesValue - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + PPTenantId = $PPTenantId + PolicyName = $PolicyName + RuleSet = $RulesValue + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } @@ -173,7 +173,7 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $policy = Get-AdminDlpPolicy | Where-Object -FilterScript {$_.DisplayName -eq $PolicyName} + $policy = Get-AdminDlpPolicy | Where-Object -FilterScript { $_.DisplayName -eq $PolicyName } $policyNameValue = $policy.PolicyName # CREATE @@ -195,9 +195,9 @@ function Set-TargetResource Write-Verbose -Message "Setting new Url Patterns for Policy {$($PolicyNameValue)} with parameters:`r`n$payload" New-PowerAppPolicyUrlPatterns -TenantId $PPTenantId ` - -PolicyName $policyNameValue ` - -NewUrlPatterns $body ` - -Verbose + -PolicyName $policyNameValue ` + -NewUrlPatterns $body ` + -Verbose } # REMOVE elseif ($Ensure -eq 'Absent') @@ -380,14 +380,14 @@ function Export-TargetResource } Write-Host " |---[$i/$($policies.Count)] $($policy.DisplayName)" -NoNewline $params = @{ - PPTenantId = $tenantInfo.TenantId - PolicyName = $policy.DisplayName - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + PPTenantId = $tenantInfo.TenantId + PolicyName = $policy.DisplayName + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 index c13ca03929..6854e56b39 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 @@ -23,12 +23,12 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet("1033","1025","1069","1026","1027","3076","2052","1028","1050","1029","1030","1043","1061","1035","1036","1110","1031","1032","1037","1081","1038","1040","1041","1087","1042","1062","1063","1044","1045","1046","2070","1048","1049","2074","1051","1060","3082","1053","1054","1055","1058","1066","3098","1086","1057")] + [ValidateSet('1033', '1025', '1069', '1026', '1027', '3076', '2052', '1028', '1050', '1029', '1030', '1043', '1061', '1035', '1036', '1110', '1031', '1032', '1037', '1081', '1038', '1040', '1041', '1087', '1042', '1062', '1063', '1044', '1045', '1046', '2070', '1048', '1049', '2074', '1051', '1060', '3082', '1053', '1054', '1055', '1058', '1066', '3098', '1086', '1057')] $LanguageName, [Parameter()] [System.String] - [ValidateSet("KZT","ZAR","ETB","AED","BHD","DZD","EGP","IQD","JOD","KWD","LBP","LYD","MAD","OMR","QAR","SAR","SYP","TND","YER","CLP","INR","AZN","RUB","BYN","BGN","NGN","BDT","CNY","EUR","BAM","USD","CZK","GBP","DKK","CHF","MVR","BTN","XCD","AUD","BZD","CAD","HKD","IDR","JMD","MYR","NZD","PHP","SGD","TTD","XDR","ARS","BOB","COP","CRC","CUP","DOP","GTQ","HNL","MXN","NIO","PAB","PEN","PYG","UYU","VES","IRR","XOF","CDF","XAF","HTG","ILS","HUF","AMD","ISK","JPY","GEL","KHR","KRW","KGS","LAK","MKD","MNT","BND","MMK","NOK","NPR","PKR","PLN","AFN","BRL","MDL","RON","RWF","SEK","LKR","SOS","ALL","RSD","KES","TJS","THB","ERN","TMT","BWP","TRY","UAH","UZS","VND","MOP","TWD")] + [ValidateSet('KZT', 'ZAR', 'ETB', 'AED', 'BHD', 'DZD', 'EGP', 'IQD', 'JOD', 'KWD', 'LBP', 'LYD', 'MAD', 'OMR', 'QAR', 'SAR', 'SYP', 'TND', 'YER', 'CLP', 'INR', 'AZN', 'RUB', 'BYN', 'BGN', 'NGN', 'BDT', 'CNY', 'EUR', 'BAM', 'USD', 'CZK', 'GBP', 'DKK', 'CHF', 'MVR', 'BTN', 'XCD', 'AUD', 'BZD', 'CAD', 'HKD', 'IDR', 'JMD', 'MYR', 'NZD', 'PHP', 'SGD', 'TTD', 'XDR', 'ARS', 'BOB', 'COP', 'CRC', 'CUP', 'DOP', 'GTQ', 'HNL', 'MXN', 'NIO', 'PAB', 'PEN', 'PYG', 'UYU', 'VES', 'IRR', 'XOF', 'CDF', 'XAF', 'HTG', 'ILS', 'HUF', 'AMD', 'ISK', 'JPY', 'GEL', 'KHR', 'KRW', 'KGS', 'LAK', 'MKD', 'MNT', 'BND', 'MMK', 'NOK', 'NPR', 'PKR', 'PLN', 'AFN', 'BRL', 'MDL', 'RON', 'RWF', 'SEK', 'LKR', 'SOS', 'ALL', 'RSD', 'KES', 'TJS', 'THB', 'ERN', 'TMT', 'BWP', 'TRY', 'UAH', 'UZS', 'VND', 'MOP', 'TWD')] $CurrencyName, [Parameter()] @@ -140,12 +140,12 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("1033","1025","1069","1026","1027","3076","2052","1028","1050","1029","1030","1043","1061","1035","1036","1110","1031","1032","1037","1081","1038","1040","1041","1087","1042","1062","1063","1044","1045","1046","2070","1048","1049","2074","1051","1060","3082","1053","1054","1055","1058","1066","3098","1086","1057")] + [ValidateSet('1033', '1025', '1069', '1026', '1027', '3076', '2052', '1028', '1050', '1029', '1030', '1043', '1061', '1035', '1036', '1110', '1031', '1032', '1037', '1081', '1038', '1040', '1041', '1087', '1042', '1062', '1063', '1044', '1045', '1046', '2070', '1048', '1049', '2074', '1051', '1060', '3082', '1053', '1054', '1055', '1058', '1066', '3098', '1086', '1057')] $LanguageName, [Parameter()] [System.String] - [ValidateSet("KZT","ZAR","ETB","AED","BHD","DZD","EGP","IQD","JOD","KWD","LBP","LYD","MAD","OMR","QAR","SAR","SYP","TND","YER","CLP","INR","AZN","RUB","BYN","BGN","NGN","BDT","CNY","EUR","BAM","USD","CZK","GBP","DKK","CHF","MVR","BTN","XCD","AUD","BZD","CAD","HKD","IDR","JMD","MYR","NZD","PHP","SGD","TTD","XDR","ARS","BOB","COP","CRC","CUP","DOP","GTQ","HNL","MXN","NIO","PAB","PEN","PYG","UYU","VES","IRR","XOF","CDF","XAF","HTG","ILS","HUF","AMD","ISK","JPY","GEL","KHR","KRW","KGS","LAK","MKD","MNT","BND","MMK","NOK","NPR","PKR","PLN","AFN","BRL","MDL","RON","RWF","SEK","LKR","SOS","ALL","RSD","KES","TJS","THB","ERN","TMT","BWP","TRY","UAH","UZS","VND","MOP","TWD")] + [ValidateSet('KZT', 'ZAR', 'ETB', 'AED', 'BHD', 'DZD', 'EGP', 'IQD', 'JOD', 'KWD', 'LBP', 'LYD', 'MAD', 'OMR', 'QAR', 'SAR', 'SYP', 'TND', 'YER', 'CLP', 'INR', 'AZN', 'RUB', 'BYN', 'BGN', 'NGN', 'BDT', 'CNY', 'EUR', 'BAM', 'USD', 'CZK', 'GBP', 'DKK', 'CHF', 'MVR', 'BTN', 'XCD', 'AUD', 'BZD', 'CAD', 'HKD', 'IDR', 'JMD', 'MYR', 'NZD', 'PHP', 'SGD', 'TTD', 'XDR', 'ARS', 'BOB', 'COP', 'CRC', 'CUP', 'DOP', 'GTQ', 'HNL', 'MXN', 'NIO', 'PAB', 'PEN', 'PYG', 'UYU', 'VES', 'IRR', 'XOF', 'CDF', 'XAF', 'HTG', 'ILS', 'HUF', 'AMD', 'ISK', 'JPY', 'GEL', 'KHR', 'KRW', 'KGS', 'LAK', 'MKD', 'MNT', 'BND', 'MMK', 'NOK', 'NPR', 'PKR', 'PLN', 'AFN', 'BRL', 'MDL', 'RON', 'RWF', 'SEK', 'LKR', 'SOS', 'ALL', 'RSD', 'KES', 'TJS', 'THB', 'ERN', 'TMT', 'BWP', 'TRY', 'UAH', 'UZS', 'VND', 'MOP', 'TWD')] $CurrencyName, [Parameter()] @@ -249,12 +249,12 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("1033","1025","1069","1026","1027","3076","2052","1028","1050","1029","1030","1043","1061","1035","1036","1110","1031","1032","1037","1081","1038","1040","1041","1087","1042","1062","1063","1044","1045","1046","2070","1048","1049","2074","1051","1060","3082","1053","1054","1055","1058","1066","3098","1086","1057")] + [ValidateSet('1033', '1025', '1069', '1026', '1027', '3076', '2052', '1028', '1050', '1029', '1030', '1043', '1061', '1035', '1036', '1110', '1031', '1032', '1037', '1081', '1038', '1040', '1041', '1087', '1042', '1062', '1063', '1044', '1045', '1046', '2070', '1048', '1049', '2074', '1051', '1060', '3082', '1053', '1054', '1055', '1058', '1066', '3098', '1086', '1057')] $LanguageName, [Parameter()] [System.String] - [ValidateSet("KZT","ZAR","ETB","AED","BHD","DZD","EGP","IQD","JOD","KWD","LBP","LYD","MAD","OMR","QAR","SAR","SYP","TND","YER","CLP","INR","AZN","RUB","BYN","BGN","NGN","BDT","CNY","EUR","BAM","USD","CZK","GBP","DKK","CHF","MVR","BTN","XCD","AUD","BZD","CAD","HKD","IDR","JMD","MYR","NZD","PHP","SGD","TTD","XDR","ARS","BOB","COP","CRC","CUP","DOP","GTQ","HNL","MXN","NIO","PAB","PEN","PYG","UYU","VES","IRR","XOF","CDF","XAF","HTG","ILS","HUF","AMD","ISK","JPY","GEL","KHR","KRW","KGS","LAK","MKD","MNT","BND","MMK","NOK","NPR","PKR","PLN","AFN","BRL","MDL","RON","RWF","SEK","LKR","SOS","ALL","RSD","KES","TJS","THB","ERN","TMT","BWP","TRY","UAH","UZS","VND","MOP","TWD")] + [ValidateSet('KZT', 'ZAR', 'ETB', 'AED', 'BHD', 'DZD', 'EGP', 'IQD', 'JOD', 'KWD', 'LBP', 'LYD', 'MAD', 'OMR', 'QAR', 'SAR', 'SYP', 'TND', 'YER', 'CLP', 'INR', 'AZN', 'RUB', 'BYN', 'BGN', 'NGN', 'BDT', 'CNY', 'EUR', 'BAM', 'USD', 'CZK', 'GBP', 'DKK', 'CHF', 'MVR', 'BTN', 'XCD', 'AUD', 'BZD', 'CAD', 'HKD', 'IDR', 'JMD', 'MYR', 'NZD', 'PHP', 'SGD', 'TTD', 'XDR', 'ARS', 'BOB', 'COP', 'CRC', 'CUP', 'DOP', 'GTQ', 'HNL', 'MXN', 'NIO', 'PAB', 'PEN', 'PYG', 'UYU', 'VES', 'IRR', 'XOF', 'CDF', 'XAF', 'HTG', 'ILS', 'HUF', 'AMD', 'ISK', 'JPY', 'GEL', 'KHR', 'KRW', 'KGS', 'LAK', 'MKD', 'MNT', 'BND', 'MMK', 'NOK', 'NPR', 'PKR', 'PLN', 'AFN', 'BRL', 'MDL', 'RON', 'RWF', 'SEK', 'LKR', 'SOS', 'ALL', 'RSD', 'KES', 'TJS', 'THB', 'ERN', 'TMT', 'BWP', 'TRY', 'UAH', 'UZS', 'VND', 'MOP', 'TWD')] $CurrencyName, [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 index 5926a34333..baab2973c4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 @@ -87,7 +87,7 @@ function Get-TargetResource $tenantIsolationPolicy = Get-PowerAppTenantIsolationPolicy -TenantId $tenantid if ($tenantIsolationPolicy.StatusCode -eq 403) { - throw "Invalid permission for the application. If you are using a custom app registration to authenticate, make sure it is defined as a Power Platform admin management application. For additional information refer to https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal#registering-an-admin-management-application" + throw 'Invalid permission for the application. If you are using a custom app registration to authenticate, make sure it is defined as a Power Platform admin management application. For additional information refer to https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal#registering-an-admin-management-application' } [Array]$allowedTenants = $tenantIsolationPolicy.properties.allowedTenants | ForEach-Object { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 index dcfb571714..2177e77ac1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.psm1 @@ -250,33 +250,33 @@ function Get-TargetResource { $PPTenantSettings = Get-TenantSettings -ErrorAction Stop return @{ - IsSingleInstance = 'Yes' + IsSingleInstance = 'Yes' # search - DisableDocsSearch = $PPTenantSettings.powerPlatform.search.disableDocsSearch - DisableCommunitySearch = $PPTenantSettings.powerPlatform.search.disableCommunitySearch - DisableBingVideoSearch = $PPTenantSettings.powerPlatform.search.disableBingVideoSearch + DisableDocsSearch = $PPTenantSettings.powerPlatform.search.disableDocsSearch + DisableCommunitySearch = $PPTenantSettings.powerPlatform.search.disableCommunitySearch + DisableBingVideoSearch = $PPTenantSettings.powerPlatform.search.disableBingVideoSearch #teamsIntegration - ShareWithColleaguesUserLimit = $PPTenantSettings.powerPlatform.teamsIntegration.shareWithColleaguesUserLimit + ShareWithColleaguesUserLimit = $PPTenantSettings.powerPlatform.teamsIntegration.shareWithColleaguesUserLimit #powerApps - DisableShareWithEveryone = $PPTenantSettings.powerPlatform.powerApps.disableShareWithEveryone - EnableGuestsToMake = $PPTenantSettings.powerPlatform.powerApps.enableGuestsToMake - DisableMakerMatch = $PPTenantSettings.powerPlatform.powerApps.disableMakerMatch - DisableUnusedLicenseAssignment = $PPTenantSettings.powerPlatform.powerApps.disableUnusedLicenseAssignment - DisableCreateFromImage = $PPTenantSettings.powerPlatform.powerApps.disableCreateFromImage - DisableCreateFromFigma = $PPTenantSettings.powerPlatform.powerApps.disableCreateFromFigma - EnableCanvasAppInsights = $PPTenantSettings.powerPlatform.powerApps.enableCanvasAppInsights - DisableConnectionSharingWithEveryone = $PPTenantSettings.powerPlatform.powerApps.disableConnectionSharingWithEveryone - AllowNewOrgChannelDefault = $PPTenantSettings.powerPlatform.powerApps.allowNewOrgChannelDefault - DisableCopilot = $PPTenantSettings.powerPlatform.powerApps.disableCopilot + DisableShareWithEveryone = $PPTenantSettings.powerPlatform.powerApps.disableShareWithEveryone + EnableGuestsToMake = $PPTenantSettings.powerPlatform.powerApps.enableGuestsToMake + DisableMakerMatch = $PPTenantSettings.powerPlatform.powerApps.disableMakerMatch + DisableUnusedLicenseAssignment = $PPTenantSettings.powerPlatform.powerApps.disableUnusedLicenseAssignment + DisableCreateFromImage = $PPTenantSettings.powerPlatform.powerApps.disableCreateFromImage + DisableCreateFromFigma = $PPTenantSettings.powerPlatform.powerApps.disableCreateFromFigma + EnableCanvasAppInsights = $PPTenantSettings.powerPlatform.powerApps.enableCanvasAppInsights + DisableConnectionSharingWithEveryone = $PPTenantSettings.powerPlatform.powerApps.disableConnectionSharingWithEveryone + AllowNewOrgChannelDefault = $PPTenantSettings.powerPlatform.powerApps.allowNewOrgChannelDefault + DisableCopilot = $PPTenantSettings.powerPlatform.powerApps.disableCopilot #powerAutomate - DisableCopilotWithBing = $PPTenantSettings.powerPlatform.powerAutomate.disableCopilotWithBing + DisableCopilotWithBing = $PPTenantSettings.powerPlatform.powerAutomate.disableCopilotWithBing #environments - DisablePreferredDataLocationForTeamsEnvironment = $PPTenantSettings.powerPlatform.environments.disablePreferredDataLocationForTeamsEnvironment + DisablePreferredDataLocationForTeamsEnvironment = $PPTenantSettings.powerPlatform.environments.disablePreferredDataLocationForTeamsEnvironment #governance DisableAdminDigest = $PPTenantSettings.powerPlatform.governance.disableAdminDigest @@ -286,57 +286,57 @@ function Get-TargetResource EnvironmentRoutingAllMakers = $PPTenantSettings.powerPlatform.governance.environmentRoutingAllMakers #licensing - DisableBillingPolicyCreationByNonAdminUsers = $PPTenantSettings.powerPlatform.licensing.disableBillingPolicyCreationByNonAdminUsers - EnableTenantCapacityReportForEnvironmentAdmins = $PPTenantSettings.powerPlatform.licensing.enableTenantCapacityReportForEnvironmentAdmins - StorageCapacityConsumptionWarningThreshold = $PPTenantSettings.powerPlatform.licensing.storageCapacityConsumptionWarningThreshold - EnableTenantLicensingReportForEnvironmentAdmins = $PPTenantSettings.powerPlatform.licensing.enableTenantLicensingReportForEnvironmentAdmins - DisableUseOfUnassignedAIBuilderCredits = $PPTenantSettings.powerPlatform.licensing.disableUseOfUnassignedAIBuilderCredits + DisableBillingPolicyCreationByNonAdminUsers = $PPTenantSettings.powerPlatform.licensing.disableBillingPolicyCreationByNonAdminUsers + EnableTenantCapacityReportForEnvironmentAdmins = $PPTenantSettings.powerPlatform.licensing.enableTenantCapacityReportForEnvironmentAdmins + StorageCapacityConsumptionWarningThreshold = $PPTenantSettings.powerPlatform.licensing.storageCapacityConsumptionWarningThreshold + EnableTenantLicensingReportForEnvironmentAdmins = $PPTenantSettings.powerPlatform.licensing.enableTenantLicensingReportForEnvironmentAdmins + DisableUseOfUnassignedAIBuilderCredits = $PPTenantSettings.powerPlatform.licensing.disableUseOfUnassignedAIBuilderCredits #powerPages - EnableGenerativeAIFeaturesForSiteUsers = $PPTenantSettings.powerPlatform.powerPages.enableGenerativeAIFeaturesForSiteUsers - EnableExternalAuthenticationProvidersInPowerPages = $PPTenantSettings.powerPlatform.powerPages.enableExternalAuthenticationProvidersInPowerPages + EnableGenerativeAIFeaturesForSiteUsers = $PPTenantSettings.powerPlatform.powerPages.enableGenerativeAIFeaturesForSiteUsers + EnableExternalAuthenticationProvidersInPowerPages = $PPTenantSettings.powerPlatform.powerPages.enableExternalAuthenticationProvidersInPowerPages #champions - DisableChampionsInvitationReachout = $PPTenantSettings.powerPlatform.champions.disableChampionsInvitationReachout - DisableSkillsMatchInvitationReachout = $PPTenantSettings.powerPlatform.champions.disableSkillsMatchInvitationReachout + DisableChampionsInvitationReachout = $PPTenantSettings.powerPlatform.champions.disableChampionsInvitationReachout + DisableSkillsMatchInvitationReachout = $PPTenantSettings.powerPlatform.champions.disableSkillsMatchInvitationReachout #intelligence - DisableCopilotFeedback = $PPTenantSettings.powerPlatforms.intelligence.disableCopilotFeedback - EnableOpenAiBotPublishing = $PPTenantSettings.powerPlatforms.intelligence.enableOpenAiBotPublishing - DisableCopilotFeedbackMetadata = $PPTenantSettings.powerPlatforms.intelligence.disableCopilotFeedbackMetadata - DisableAiPrompts = $PPTenantSettings.powerPlatforms.intelligence.disableAiPrompts + DisableCopilotFeedback = $PPTenantSettings.powerPlatforms.intelligence.disableCopilotFeedback + EnableOpenAiBotPublishing = $PPTenantSettings.powerPlatforms.intelligence.enableOpenAiBotPublishing + DisableCopilotFeedbackMetadata = $PPTenantSettings.powerPlatforms.intelligence.disableCopilotFeedbackMetadata + DisableAiPrompts = $PPTenantSettings.powerPlatforms.intelligence.disableAiPrompts #modelExperimentation - EnableModelDataSharing = $PPTenantSettings.powerPlatforms.modelExperimentation.enableModelDataSharing - DisableDataLogging = $PPTenantSettings.powerPlatforms.modelExperimentation.disableDataLogging + EnableModelDataSharing = $PPTenantSettings.powerPlatforms.modelExperimentation.enableModelDataSharing + DisableDataLogging = $PPTenantSettings.powerPlatforms.modelExperimentation.disableDataLogging #catalogSettings - PowerCatalogAudienceSetting = $PPTenantSettings.powerPlatforms.catalogSettings.powerCatalogAudienceSetting + PowerCatalogAudienceSetting = $PPTenantSettings.powerPlatforms.catalogSettings.powerCatalogAudienceSetting #userManagementSettings - EnableDeleteDisabledUserinAllEnvironments = $PPTenantSettings.powerPlatforms.userManagementSettings.enableDeleteDisabledUserinAllEnvironments + EnableDeleteDisabledUserinAllEnvironments = $PPTenantSettings.powerPlatforms.userManagementSettings.enableDeleteDisabledUserinAllEnvironments #helpSupportSettings - DisableHelpSupportCopilot = $PPTenantSettings.powerPlatforms.helpSupportSettings.disableHelpSupportCopilot - UseSupportBingSearchByAllUsers = $PPTenantSettings.powerPlatforms.helpSupportSettings.useSupportBingSearchByAllUsers + DisableHelpSupportCopilot = $PPTenantSettings.powerPlatforms.helpSupportSettings.disableHelpSupportCopilot + UseSupportBingSearchByAllUsers = $PPTenantSettings.powerPlatforms.helpSupportSettings.useSupportBingSearchByAllUsers #Main - WalkMeOptOut = $PPTenantSettings.walkMeOptOut - DisableNPSCommentsReachout = $PPTenantSettings.disableNPSCommentsReachout - DisableNewsletterSendout = $PPTenantSettings.disableNewsletterSendout - DisableEnvironmentCreationByNonAdminUsers = $PPTenantSettings.disableEnvironmentCreationByNonAdminUsers - DisablePortalsCreationByNonAdminUsers = $PPTenantSettings.disablePortalsCreationByNonAdminUsers - DisableSurveyFeedback = $PPTenantSettings.disableSurveyFeedback - DisableSurveyScreenshots = $PPTenantSettings.disableSurveyScreenshots - DisableTrialEnvironmentCreationByNonAdminUsers = $PPTenantSettings.disableTrialEnvironmentCreationByNonAdminUsers - DisableCapacityAllocationByEnvironmentAdmins = $PPTenantSettings.disableCapacityAllocationByEnvironmentAdmins - DisableSupportTicketsVisibleByAllUsers = $PPTenantSettings.disableSupportTicketsVisibleByAllUsers - - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret + WalkMeOptOut = $PPTenantSettings.walkMeOptOut + DisableNPSCommentsReachout = $PPTenantSettings.disableNPSCommentsReachout + DisableNewsletterSendout = $PPTenantSettings.disableNewsletterSendout + DisableEnvironmentCreationByNonAdminUsers = $PPTenantSettings.disableEnvironmentCreationByNonAdminUsers + DisablePortalsCreationByNonAdminUsers = $PPTenantSettings.disablePortalsCreationByNonAdminUsers + DisableSurveyFeedback = $PPTenantSettings.disableSurveyFeedback + DisableSurveyScreenshots = $PPTenantSettings.disableSurveyScreenshots + DisableTrialEnvironmentCreationByNonAdminUsers = $PPTenantSettings.disableTrialEnvironmentCreationByNonAdminUsers + DisableCapacityAllocationByEnvironmentAdmins = $PPTenantSettings.disableCapacityAllocationByEnvironmentAdmins + DisableSupportTicketsVisibleByAllUsers = $PPTenantSettings.disableSupportTicketsVisibleByAllUsers + + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret } } catch @@ -904,7 +904,7 @@ function Export-TargetResource if ($settings.StatusCode -eq 403) { - throw "Invalid permission for the application. If you are using a custom app registration to authenticate, make sure it is defined as a Power Platform admin management application. For additional information refer to https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal#registering-an-admin-management-application" + throw 'Invalid permission for the application. If you are using a custom app registration to authenticate, make sure it is defined as a Power Platform admin management application. For additional information refer to https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal#registering-an-admin-management-application' } $dscContent = '' @@ -983,15 +983,15 @@ function Get-M365DSCPowerPlatformTenantSettings disableCapacityAllocationByEnvironmentAdmins = $Parameters.DisableCapacityAllocationByEnvironmentAdmins disableSupportTicketsVisibleByAllUsers = $Parameters.DisableSupportTicketsVisibleByAllUsers powerPlatform = @{ - search = @{ + search = @{ disableDocsSearch = $Parameters.DisableDocsSearch disableCommunitySearch = $Parameters.DisableCommunitySearch disableBingVideoSearch = $Parameters.DisableBingVideoSearch } - teams = @{ + teams = @{ shareWithColleaguesUserLimit = $Parameters.ShareWithColleaguesUserLimit } - powerApps = @{ + powerApps = @{ disableShareWithEveryone = $Parameters.DisableShareWithEveryone enableGuestsToMake = $Parameters.EnableGuestsToMake disableMakerMatch = $Parameters.DisableMakerMatch @@ -1003,13 +1003,13 @@ function Get-M365DSCPowerPlatformTenantSettings allowNewOrgChannelDefault = $Parameters.AllowNewOrgChannelDefault disableCopilot = $Parameters.DisableCopilot } - environments = @{ + environments = @{ disablePreferredDataLocationForTeamsEnvironment = $Parameters.DisablePreferredDataLocationForTeamsEnvironment } - powerAutomate = @{ + powerAutomate = @{ disableCopilotWithBing = $Parameters.DisableCopilotWithBing } - governance = @{ + governance = @{ disableAdminDigest = $Parameters.DisableAdminDigest disableDeveloperEnvironmentCreationByNonAdminUsers = $Parameters.DisableDeveloperEnvironmentCreationByNonAdminUsers enableDefaultEnvironmentRouting = $Parameters.EnableDefaultEnvironmentRouting @@ -1020,43 +1020,43 @@ function Get-M365DSCPowerPlatformTenantSettings ) environmentRoutingAllMakers = $Parameters.EnvironmentRoutingAllMakers } - teamsIntegration = @{ + teamsIntegration = @{ shareWithColleaguesUserLimit = $Parameters.ShareWithColleaguesUserLimit } - licensing = @{ + licensing = @{ disableBillingPolicyCreationByNonAdminUsers = $Parameters.DisableBillingPolicyCreationByNonAdminUsers enableTenantCapacityReportForEnvironmentAdmins = $Parameters.EnableTenantCapacityReportForEnvironmentAdmins storageCapacityConsumptionWarningThreshold = $Parameters.StorageCapacityConsumptionWarningThreshold enableTenantLicensingReportForEnvironmentAdmins = $Parameters.EnableTenantLicensingReportForEnvironmentAdmins disableUseOfUnassignedAIBuilderCredits = $Parameters.DisableUseOfUnassignedAIBuilderCredits } - powerPages = @{ + powerPages = @{ enableGenerativeAIFeaturesForSiteUsers = $Parameters.EnableGenerativeAIFeaturesForSiteUsers enableExternalAuthenticationProvidersInPowerPages = $Parameters.EnableExternalAuthenticationProvidersInPowerPages } - champions = @{ + champions = @{ disableChampionsInvitationReachout = $Parameters.DisableChampionsInvitationReachout disableSkillsMatchInvitationReachout = $Parameters.DisableSkillsMatchInvitationReachout } - intelligence = @{ - disableCopilotFeedback = $Parameters.disableCopilotFeedback - enableOpenAiBotPublishing = $Parameters.enableOpenAiBotPublishing - disableCopilotFeedbackMetadata = $Parameters.disableCopilotFeedbackMetadata - disableAiPrompts = $Parameters.disableAiPrompts + intelligence = @{ + disableCopilotFeedback = $Parameters.disableCopilotFeedback + enableOpenAiBotPublishing = $Parameters.enableOpenAiBotPublishing + disableCopilotFeedbackMetadata = $Parameters.disableCopilotFeedbackMetadata + disableAiPrompts = $Parameters.disableAiPrompts } - modelExperimentation = @{ - enableModelDataSharing = $Parameters.enableModelDataSharing - disableDataLogging = $Parameters.disableDataLogging + modelExperimentation = @{ + enableModelDataSharing = $Parameters.enableModelDataSharing + disableDataLogging = $Parameters.disableDataLogging } - catalogSettings = @{ - powerCatalogAudienceSetting = $Parameters.powerCatalogAudienceSetting + catalogSettings = @{ + powerCatalogAudienceSetting = $Parameters.powerCatalogAudienceSetting } userManagementSettings = @{ - enableDeleteDisabledUserinAllEnvironments = $Parameters.enableDeleteDisabledUserinAllEnvironments + enableDeleteDisabledUserinAllEnvironments = $Parameters.enableDeleteDisabledUserinAllEnvironments } - helpSupportSettings = @{ - disableHelpSupportCopilot = $Parameters.disableHelpSupportCopilot - useSupportBingSearchByAllUsers = $Parameters.useSupportBingSearchByAllUsers + helpSupportSettings = @{ + disableHelpSupportCopilot = $Parameters.disableHelpSupportCopilot + useSupportBingSearchByAllUsers = $Parameters.useSupportBingSearchByAllUsers } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 index 21ed857ab6..94d0e7ceab 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 @@ -388,12 +388,12 @@ function Set-TargetResource { if ($PSBoundParameters.ContainsKey('Mode') -eq $false) { - Write-Verbose "SharePoint or OneDrive location has been specified. Setting Mode to TestWithoutNotifications." + Write-Verbose 'SharePoint or OneDrive location has been specified. Setting Mode to TestWithoutNotifications.' $PSBoundParameters.Add('Mode', 'TestWithoutNotifications') } elseif ($PSBoundParameters.Mode -eq 'Enable') { - Write-Verbose "SharePoint or OneDrive location has been specified. Changing Mode to TestWithoutNotifications." + Write-Verbose 'SharePoint or OneDrive location has been specified. Changing Mode to TestWithoutNotifications.' $PSBoundParameters.Mode = 'TestWithoutNotifications' } } @@ -873,7 +873,7 @@ function Export-TargetResource } catch { - if ($_.Exception.Message -like "*is not recognized as the name of a cmdlet*") + if ($_.Exception.Message -like '*is not recognized as the name of a cmdlet*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for this feature." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 index 22ef5eca5a..ccca329b0f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 @@ -1230,7 +1230,7 @@ function Export-TargetResource } catch { - if ($_.Exception.Message -like "*is not recognized as the name of a cmdlet*") + if ($_.Exception.Message -like '*is not recognized as the name of a cmdlet*') { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for this feature." } @@ -1263,12 +1263,12 @@ function ConvertTo-HeadersMatchesPatternString $result = "`r`n MSFT_SCHeaderPattern`r`n {`r`n" $result += " Name = '$($Patterns.Name)'`r`n" - $result += " Values = @(" + $result += ' Values = @(' foreach ($value in $Patterns.Value) { $result += "'$($value.Replace("'", "''"))'," } - $result = $result.Substring(0, $result.Length -1) + ")`r`n" + $result = $result.Substring(0, $result.Length - 1) + ")`r`n" $result += " }`r`n" return $result } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 index 761921f519..1c1e7d4495 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 @@ -339,7 +339,7 @@ function Set-TargetResource 'Preview' { $CreationParams.Add('Preview', $true) - $CreationParams.Remove("Scope") | Out-Null + $CreationParams.Remove('Scope') | Out-Null $CreationParams.Add('Confirm', $false) $CreationParams.Remove('EnableDedupe') | Out-Null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 index 053cd48070..f4b5814d2a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 @@ -22,7 +22,7 @@ function Get-TargetResource $BlockAccess, [Parameter()] - [ValidateSet('All', 'PerUser','None')] + [ValidateSet('All', 'PerUser', 'None')] [System.String] $BlockAccessScope, @@ -142,7 +142,7 @@ function Get-TargetResource [System.Boolean] $DocumentIsPasswordProtected, - [Parameter()] + [Parameter()] [System.Boolean] $ExceptIfDocumentIsPasswordProtected, @@ -397,13 +397,13 @@ function Get-TargetResource $ExceptIfContentExtensionMatchesWords = $PolicyRule.ExceptIfContentExtensionMatchesWords.Replace(' ', '').Split(',') } - if($null -ne $PolicyRule.AdvancedRule -and $PolicyRule.AdvancedRule.Count -gt 0) + if ($null -ne $PolicyRule.AdvancedRule -and $PolicyRule.AdvancedRule.Count -gt 0) { $ruleobject = $PolicyRule.AdvancedRule | ConvertFrom-Json - $index = $ruleobject.Condition.SubConditions.ConditionName.IndexOf("ContentContainsSensitiveInformation") + $index = $ruleobject.Condition.SubConditions.ConditionName.IndexOf('ContentContainsSensitiveInformation') if ($index -ne -1) { - if($null -eq $ruleobject.Condition.SubConditions[$index].value.groups) + if ($null -eq $ruleobject.Condition.SubConditions[$index].value.groups) { $ruleobject.Condition.SubConditions[$index].Value = $ruleobject.Condition.SubConditions[$index].Value | Select-Object * -ExcludeProperty Id } @@ -414,14 +414,14 @@ function Get-TargetResource } $newAdvancedRule = $ruleobject | ConvertTo-Json -Depth 32 | Format-Json - $newAdvancedRule = $newAdvancedRule | ConvertTo-Json -compress + $newAdvancedRule = $newAdvancedRule | ConvertTo-Json -Compress } else { $newAdvancedRule = $null } - $fancyDoubleQuotes = "[\u201C\u201D]" + $fancyDoubleQuotes = '[\u201C\u201D]' $result = @{ Ensure = 'Present' Name = $PolicyRule.Name @@ -550,7 +550,7 @@ function Set-TargetResource $BlockAccess, [Parameter()] - [ValidateSet('All', 'PerUser','None')] + [ValidateSet('All', 'PerUser', 'None')] [System.String] $BlockAccessScope, @@ -670,7 +670,7 @@ function Set-TargetResource [System.Boolean] $DocumentIsPasswordProtected, - [Parameter()] + [Parameter()] [System.Boolean] $ExceptIfDocumentIsPasswordProtected, @@ -907,7 +907,7 @@ function Set-TargetResource { $CreationParams.AdvancedRule = $CreationParams.AdvancedRule | ConvertFrom-Json } - elseif($null -ne $CreationParams.ContentContainsSensitiveInformation) + elseif ($null -ne $CreationParams.ContentContainsSensitiveInformation) { $CreationParams.Remove('AdvancedRule') } @@ -926,8 +926,8 @@ function Set-TargetResource $CreationParams.Remove('AccessTokens') | Out-Null $NewruleParam = @{ - Name = $CreationParams.Name - Policy = $CreationParams.Policy + Name = $CreationParams.Name + Policy = $CreationParams.Policy AdvancedRule = $CreationParams.AdvancedRule } Write-Verbose -Message "Calling New-DLPComplianceRule with Values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)" @@ -976,7 +976,7 @@ function Set-TargetResource { $UpdateParams.AdvancedRule = $UpdateParams.AdvancedRule | ConvertFrom-Json } - elseif($null -ne $UpdateParams.ContentContainsSensitiveInformation) + elseif ($null -ne $UpdateParams.ContentContainsSensitiveInformation) { $UpdateParams.Remove('AdvancedRule') } @@ -1031,7 +1031,7 @@ function Test-TargetResource $BlockAccess, [Parameter()] - [ValidateSet('All', 'PerUser','None')] + [ValidateSet('All', 'PerUser', 'None')] [System.String] $BlockAccessScope, @@ -2077,15 +2077,18 @@ function Test-ContainsSensitiveInformationGroups } } -function Format-Json([Parameter(Mandatory, ValueFromPipeline)][String] $json) { - $indent = 0; - ($json -Split "`n" | % { - if ($_ -match '[\}\]]\s*,?\s*$') { +function Format-Json([Parameter(Mandatory, ValueFromPipeline)][String] $json) +{ + $indent = 0 + ($json -Split "`n" | ForEach-Object { + if ($_ -match '[\}\]]\s*,?\s*$') + { # This line ends with ] or }, decrement the indentation level $indent-- } $line = (' ' * $indent) + $($_.TrimStart() -replace '": (["{[])', '": $1' -replace ': ', ': ') - if ($_ -match '[\{\[]\s*$') { + if ($_ -match '[\{\[]\s*$') + { # This line ends with [ or {, increment the indentation level $indent++ } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.psm1 index 834c470d45..b1932e3bef 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.psm1 @@ -260,17 +260,17 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' try { - $policyObj = Get-DeviceConditionalAccessPolicy | Where-Object -FilterScript {$_.Name -eq $Policy} + $policyObj = Get-DeviceConditionalAccessPolicy | Where-Object -FilterScript { $_.Name -eq $Policy } if ($null -ne $policyObj) { Write-Verbose -Message "Found policy object {$Policy}" if ($null -ne $Script:exportedInstances -and $Script:ExportMode -and $null) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Policy -eq $policyObj.ExchangeObjectId} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Policy -eq $policyObj.ExchangeObjectId } } else { - $instance = Get-DeviceConditionalAccessRule | Where-Object -FilterScript {$_.Policy -eq $policyObj.ExchangeObjectId} + $instance = Get-DeviceConditionalAccessRule | Where-Object -FilterScript { $_.Policy -eq $policyObj.ExchangeObjectId } } } if ($null -eq $instance) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/MSFT_SCDeviceConfigurationRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/MSFT_SCDeviceConfigurationRule.psm1 index 97f1c316ad..0718875772 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/MSFT_SCDeviceConfigurationRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationRule/MSFT_SCDeviceConfigurationRule.psm1 @@ -256,17 +256,17 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' try { - $policyObj = Get-DeviceConfigurationPolicy | Where-Object -FilterScript {$_.Name -eq $Policy} + $policyObj = Get-DeviceConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq $Policy } if ($null -ne $policyObj) { Write-Verbose -Message "Found policy object {$Policy}" if ($null -ne $Script:exportedInstances -and $Script:ExportMode -and $null) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Policy -eq $policyObj.ExchangeObjectId} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Policy -eq $policyObj.ExchangeObjectId } } else { - $instance = Get-DeviceConfigurationRule | Where-Object -FilterScript {$_.Policy -eq $policyObj.ExchangeObjectId} + $instance = Get-DeviceConfigurationRule | Where-Object -FilterScript { $_.Policy -eq $policyObj.ExchangeObjectId } } } if ($null -eq $instance) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/MSFT_SCInsiderRiskEntityList.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/MSFT_SCInsiderRiskEntityList.psm1 index a0d5e92ed3..8dcdff444a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/MSFT_SCInsiderRiskEntityList.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskEntityList/MSFT_SCInsiderRiskEntityList.psm1 @@ -140,7 +140,7 @@ function Get-TargetResource # CustomDomainLists $DmnValues = @() if ($instance.ListType -eq 'CustomDomainLists' -or ` - $instance.Name -eq 'IrmWhitelistDomains') + $instance.Name -eq 'IrmWhitelistDomains') { foreach ($entity in $instance.Entities) { @@ -156,7 +156,7 @@ function Get-TargetResource # CustomFilePathRegexLists $FilePathValues = @() if ($instance.ListType -eq 'CustomFilePathRegexLists' -or ` - $instance.Name -eq 'IrmCustomExWinFilePaths') + $instance.Name -eq 'IrmCustomExWinFilePaths') { foreach ($entity in $instance.Entities) { @@ -179,7 +179,7 @@ function Get-TargetResource # CustomKeywordLists $KeywordValues = @() if ($instance.ListType -eq 'CustomKeywordLists' -or ` - $instance.Name -eq 'IrmExcludedKeywords' -or $instance.Name -eq 'IrmNotExcludedKeywords') + $instance.Name -eq 'IrmExcludedKeywords' -or $instance.Name -eq 'IrmNotExcludedKeywords') { foreach ($entity in $instance.Entities) { @@ -191,7 +191,7 @@ function Get-TargetResource # CustomSensitiveInformationTypeLists $SITValues = @() if ($instance.ListType -eq 'CustomSensitiveInformationTypeLists' -or ` - $instance.Name -eq 'IrmCustomExSensitiveTypes') + $instance.Name -eq 'IrmCustomExSensitiveTypes') { foreach ($entity in $instance.Entities) { @@ -204,7 +204,7 @@ function Get-TargetResource # CustomSiteLists $SiteValues = @() if ($instance.ListType -eq 'CustomSiteLists' -or ` - $instance.Name -eq 'IrmExcludedSites') + $instance.Name -eq 'IrmExcludedSites') { foreach ($entity in $instance.Entities) { @@ -349,7 +349,7 @@ function Get-TargetResource ExceptionKeyworkGroups = $exceptionKeywordGroupValue ExcludedClassifierGroups = $excludedClassifierGroupValue ExcludedDomainGroups = $excludedDomainGroupValue - ExcludedFilePathGroups = $ExcludedFilePathGroupsValue + ExcludedFilePathGroups = $ExcludedFilePathGroupsValue ExcludedSiteGroups = $excludedSiteGroupValue ExcludedSensitiveInformationTypeGroups = $excludedSITGroupValue ExcludedFileTypeGroups = $excludedFileTypeGroupValue @@ -513,10 +513,10 @@ function Set-TargetResource } Write-Verbose -Message "Creating new Domain Group {$Name} with values {$($value -join ',')}" New-InsiderRiskEntityList -Type 'CustomDomainLists' ` - -Name $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -Entities $value | Out-Null + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null } elseif ($ListType -eq 'CustomFilePathRegexLists') { @@ -527,10 +527,10 @@ function Set-TargetResource } Write-Verbose -Message "Creating new FilePath Group {$Name} with values {$($value -join ',')}" New-InsiderRiskEntityList -Type 'CustomFilePathRegexLists' ` - -Name $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -Entities $value | Out-Null + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null } elseif ($ListType -eq 'CustomFileTypeLists') { @@ -541,10 +541,10 @@ function Set-TargetResource } Write-Verbose -Message "Creating new FileType Group {$Name} with values {$($value -join ',')}" New-InsiderRiskEntityList -Type 'CustomFileTypeLists ' ` - -Name $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -Entities $value | Out-Null + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null } elseif ($ListType -eq 'CustomKeywordLists') { @@ -555,10 +555,10 @@ function Set-TargetResource } Write-Verbose -Message "Creating new Keyword Group {$Name} with values {$($value -join ',')}" New-InsiderRiskEntityList -Type 'CustomKeywordLists' ` - -Name $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -Entities $value | Out-Null + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null } elseif ($ListType -eq 'CustomSensitiveInformationTypeLists') { @@ -569,24 +569,24 @@ function Set-TargetResource } Write-Verbose -Message "Creating new SIT Group {$Name} with values {$($value -join ',')}" New-InsiderRiskEntityList -Type 'CustomSensitiveInformationTypeLists' ` - -Name $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -Entities $value | Out-Null + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null } elseif ($ListType -eq 'CustomSiteLists') { $value = @() foreach ($site in $Sites) { - $value += "{`"Url`":`"$($site.Url.ToString())`",`"Name`":`"$($site.Name.ToString())`",`"Guid`":`"$((New-GUID).ToString())`"}" + $value += "{`"Url`":`"$($site.Url.ToString())`",`"Name`":`"$($site.Name.ToString())`",`"Guid`":`"$((New-Guid).ToString())`"}" } Write-Verbose -Message "Creating new Site Group {$Name} with values {$($value)}" New-InsiderRiskEntityList -Type 'CustomSiteLists' ` - -Name $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -Entities $value | Out-Null + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null } elseif ($ListType -eq 'CustomMLClassifierTypeLists') { @@ -597,10 +597,10 @@ function Set-TargetResource } Write-Verbose -Message "Creating new Trainable classifier Group {$Name} with values {$($value)}" New-InsiderRiskEntityList -Type 'CustomMLClassifierTypeLists' ` - -Name $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -Entities $value | Out-Null + -Name $Name ` + -DisplayName $DisplayName ` + -Description $Description ` + -Entities $value | Out-Null } else { @@ -620,12 +620,12 @@ function Set-TargetResource { if ($diff.SideIndicator -eq '=>') { - $instance = $Domains | Where-Object -FilterScript {$_.Dmn -eq $diff.InputObject} + $instance = $Domains | Where-Object -FilterScript { $_.Dmn -eq $diff.InputObject } $entitiesToAdd += "{`"Dmn`":`"$($instance.Dmn)`",`"isMLSubDmn`":$($instance.isMLSubDmn.ToString().ToLower())}" } else { - $instance = $currentInstance.Domains | Where-Object -FilterScript {$_.Dmn -eq $diff.InputObject} + $instance = $currentInstance.Domains | Where-Object -FilterScript { $_.Dmn -eq $diff.InputObject } $entitiesToRemove += "{`"Dmn`":`"$($instance.Dmn)`",`"isMLSubDmn`":$($instance.isMLSubDmn.ToString().ToLower())}" } } @@ -635,10 +635,10 @@ function Set-TargetResource Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" Set-InsiderRiskEntityList -Identity $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -AddEntities $entitiesToAdd ` - -RemoveEntities $entitiesToRemove | Out-Null + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null } # Update File Path Group elseif ($ListType -eq 'CustomFilePathRegexLists' -or $Name -eq 'IrmCustomExWinFilePaths' -or ` @@ -664,10 +664,10 @@ function Set-TargetResource Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" Set-InsiderRiskEntityList -Identity $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -AddEntities $entitiesToAdd ` - -RemoveEntities $entitiesToRemove | Out-Null + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null } # Update File Type Group elseif ($ListType -eq 'CustomFileTypeLists') @@ -692,10 +692,10 @@ function Set-TargetResource Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" Set-InsiderRiskEntityList -Identity $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -AddEntities $entitiesToAdd ` - -RemoveEntities $entitiesToRemove | Out-Null + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null } # Update Keywords Group elseif ($ListType -eq 'CustomKeywordLists' -or $Name -eq 'IrmExcludedKeywords' -or $Name -eq 'IrmNotExcludedKeywords') @@ -720,10 +720,10 @@ function Set-TargetResource Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" Set-InsiderRiskEntityList -Identity $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -AddEntities $entitiesToAdd ` - -RemoveEntities $entitiesToRemove | Out-Null + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null } # Update SIT Group elseif ($ListType -eq 'CustomSensitiveInformationTypeLists' -or $Name -eq 'IrmCustomExSensitiveTypes ' -or ` @@ -749,15 +749,15 @@ function Set-TargetResource Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" Set-InsiderRiskEntityList -Identity $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -AddEntities $entitiesToAdd ` - -RemoveEntities $entitiesToRemove | Out-Null + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null } # Update Sites Group elseif ($ListType -eq 'CustomSiteLists' -or $Name -eq 'IrmExcludedSites') { - Write-Verbose -Message "Calculating the difference in the Site list." + Write-Verbose -Message 'Calculating the difference in the Site list.' $entitiesToAdd = @() $entitiesToRemove = @() $differences = Compare-Object -ReferenceObject $currentInstance.Sites.Url -DifferenceObject $Sites.Url @@ -765,7 +765,7 @@ function Set-TargetResource { if ($diff.SideIndicator -eq '=>') { - $entry = $Sites | Where-Object -FilterScript {$_.Url -eq $diff.InputObject} + $entry = $Sites | Where-Object -FilterScript { $_.Url -eq $diff.InputObject } $guid = $entry.Guid if ([System.String]::IsNullOrEmpty($guid)) { @@ -775,7 +775,7 @@ function Set-TargetResource } else { - $entry = $currentInstance.Sites | Where-Object -FilterScript {$_.Url -eq $diff.InputObject} + $entry = $currentInstance.Sites | Where-Object -FilterScript { $_.Url -eq $diff.InputObject } $entitiesToRemove += "{`"Url`":`"$($entry.Url)`",`"Name`":`"$($entry.Name)`",`"Guid`":`"$($entry.Guid)`"}" } } @@ -785,10 +785,10 @@ function Set-TargetResource Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" Set-InsiderRiskEntityList -Identity $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -AddEntities $entitiesToAdd ` - -RemoveEntities $entitiesToRemove | Out-Null + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null } # Update Trainable Classifiers Group elseif ($ListType -eq 'CustomMLClassifierTypeLists' -or $Name -eq 'IrmCustomExMLClassifiers' -or ` @@ -814,60 +814,60 @@ function Set-TargetResource Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" Set-InsiderRiskEntityList -Identity $Name ` - -DisplayName $DisplayName ` - -Description $Description ` - -AddEntities $entitiesToAdd ` - -RemoveEntities $entitiesToRemove | Out-Null + -DisplayName $DisplayName ` + -Description $Description ` + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null } <################## Group Exclusions #############> if ($null -ne $ExcludedDomainGroups -and $ExcludedDomainGroups.Length -gt 0) { Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedDomainGroups ` - -DesiredValues $ExcludedDomainGroups ` - -Name 'IrmXSGDomains' + -DesiredValues $ExcludedDomainGroups ` + -Name 'IrmXSGDomains' } elseif ($null -ne $ExcludedFilePathGroups -and $ExcludedFilePathGroups.Length -gt 0) { Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedFilePathGroups ` - -DesiredValues $ExcludedFilePathGroups ` - -Name 'IrmXSGFilePaths' + -DesiredValues $ExcludedFilePathGroups ` + -Name 'IrmXSGFilePaths' } elseif ($null -ne $ExcludedFileTypeGroups -and $ExcludedFileTypeGroups.Length -gt 0) { Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedFileTypeGroups ` - -DesiredValues $ExcludedFileTypeGroups ` - -Name 'IrmXSGFiletypes' + -DesiredValues $ExcludedFileTypeGroups ` + -Name 'IrmXSGFiletypes' } elseif ($null -ne $ExceptionKeyworkGroups -and $ExceptionKeyworkGroups.Length -gt 0) { Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExceptionKeyworkGroups ` - -DesiredValues $ExceptionKeyworkGroups ` - -Name 'IrmXSGExcludedKeywords ' + -DesiredValues $ExceptionKeyworkGroups ` + -Name 'IrmXSGExcludedKeywords ' } elseif ($null -ne $ExcludedKeyworkGroups -and $ExcludedKeyworkGroups.Length -gt 0) { Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedKeyworkGroups ` - -DesiredValues $ExcludedKeyworkGroups ` - -Name 'IrmXSGExcludedKeywords ' + -DesiredValues $ExcludedKeyworkGroups ` + -Name 'IrmXSGExcludedKeywords ' } elseif ($null -ne $ExcludedSensitiveInformationTypeGroups -and $ExcludedSensitiveInformationTypeGroups.Length -gt 0) { Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedSensitiveInformationTypeGroups ` - -DesiredValues $ExcludedSensitiveInformationTypeGroups ` - -Name 'IrmXSGSensitiveInfoTypes ' + -DesiredValues $ExcludedSensitiveInformationTypeGroups ` + -Name 'IrmXSGSensitiveInfoTypes ' } elseif ($null -ne $ExcludedSiteGroups -and $ExcludedSiteGroups.Length -gt 0) { Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedSiteGroups ` - -DesiredValues $ExcludedSiteGroups ` - -Name 'IrmXSGSites ' + -DesiredValues $ExcludedSiteGroups ` + -Name 'IrmXSGSites ' } elseif ($null -ne $ExcludedClassifierGroups -and $ExcludedClassifierGroups.Length -gt 0) { Set-M365DSCSCInsiderRiskExclusionGroup -CurrentValues $currentInstance.ExcludedClassifierGroups ` - -DesiredValues $ExcludedClassifierGroups ` - -Name 'IrmXSGMLClassifierTypes ' + -DesiredValues $ExcludedClassifierGroups ` + -Name 'IrmXSGMLClassifierTypes ' } } # REMOVE @@ -1073,8 +1073,8 @@ function Export-TargetResource $Script:ExportMode = $true [array] $Script:exportedInstances = @() $availableTypes = @('HveLists', 'DomainLists', 'CriticalAssetLists', 'WindowsFilePathRegexLists', 'SensitiveTypeLists', 'SiteLists', 'KeywordLists', ` - 'CustomDomainLists', 'CustomSiteLists', 'CustomKeywordLists', 'CustomFileTypeLists', 'CustomFilePathRegexLists', ` - 'CustomSensitiveInformationTypeLists', 'CustomMLClassifierTypeLists', 'GlobalExclusionSGMapping', 'DlpPolicyLists') + 'CustomDomainLists', 'CustomSiteLists', 'CustomKeywordLists', 'CustomFileTypeLists', 'CustomFilePathRegexLists', ` + 'CustomSensitiveInformationTypeLists', 'CustomMLClassifierTypeLists', 'GlobalExclusionSGMapping', 'DlpPolicyLists') # Retrieve entries for each type foreach ($listType in $availableTypes) @@ -1174,12 +1174,12 @@ function ConvertTo-M365DSCSCInsiderRiskDomainToString [CmdletBinding()] [OutputType([System.String])] param( - [Parameter(Mandatory=$true)] + [Parameter(Mandatory = $true)] [System.Object[]] $Domains ) - $content = "@(" + $content = '@(' foreach ($domain in $Domains) { $content += "MSFT_SCInsiderRiskEntityListDomain`r`n" @@ -1188,7 +1188,7 @@ function ConvertTo-M365DSCSCInsiderRiskDomainToString $content += " isMLSubDmn = `$$($domain.isMLSubDmn)`r`n" $content += "}`r`n" } - $content += ")" + $content += ')' return $content } @@ -1197,12 +1197,12 @@ function ConvertTo-M365DSCSCInsiderRiskSiteToString [CmdletBinding()] [OutputType([System.String])] param( - [Parameter(Mandatory=$true)] + [Parameter(Mandatory = $true)] [System.Object[]] $Sites ) - $content = "@(" + $content = '@(' foreach ($site in $Sites) { $content += "MSFT_SCInsiderRiskEntityListSite`r`n" @@ -1212,7 +1212,7 @@ function ConvertTo-M365DSCSCInsiderRiskSiteToString $content += " Guid = '$($site.Guid)'`r`n" $content += "}`r`n" } - $content += ")" + $content += ')' return $content } @@ -1253,8 +1253,8 @@ function Set-M365DSCSCInsiderRiskExclusionGroup Write-Verbose -Message "Removing entities: $($entitiesToRemove -join ',')" Set-InsiderRiskEntityList -Identity $Name ` - -AddEntities $entitiesToAdd ` - -RemoveEntities $entitiesToRemove | Out-Null + -AddEntities $entitiesToAdd ` + -RemoveEntities $entitiesToRemove | Out-Null } Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1 index 9f887882f9..584a732ad9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.psm1 @@ -739,7 +739,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } else { @@ -815,149 +815,149 @@ function Get-TargetResource FileVolCutoffLimits = $tenantSettings.IntelligentDetections.FileVolCutoffLimits AlertVolume = $tenantSettings.IntelligentDetections.AlertVolume MDATPTriageStatus = $tenantSettings.IntelligentDetections.MDATPTriageStatus - AnomalyDetections = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'AnomalyDetections'}).Enabled - CopyToPersonalCloud = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'CopyToPersonalCloud'}).Enabled - CopyToUSB = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'CopyToUSB'}).Enabled - CumulativeExfiltrationDetector = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'CumulativeExfiltrationDetector'}).Enabled - EmailExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmailExternal'}).Enabled - EmployeeAccessedEmployeePatientData = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedEmployeePatientData'}).Enabled - EmployeeAccessedFamilyData = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedFamilyData'}).Enabled - EmployeeAccessedHighVolumePatientData = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedHighVolumePatientData'}).Enabled - EmployeeAccessedNeighbourData = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedNeighbourData'}).Enabled - EmployeeAccessedRestrictedData = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EmployeeAccessedRestrictedData'}).Enabled - EpoBrowseToChildAbuseSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToChildAbuseSites'}).Enabled - EpoBrowseToCriminalActivitySites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToCriminalActivitySites'}).Enabled - EpoBrowseToCultSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToCultSites'}).Enabled - EpoBrowseToGamblingSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToGamblingSites'}).Enabled - EpoBrowseToHackingSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToHackingSites'}).Enabled - EpoBrowseToHateIntoleranceSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToHateIntoleranceSites'}).Enabled - EpoBrowseToIllegalSoftwareSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToIllegalSoftwareSites'}).Enabled - EpoBrowseToKeyloggerSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToKeyloggerSites'}).Enabled - EpoBrowseToLlmSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToLlmSites'}).Enabled - EpoBrowseToMalwareSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToMalwareSites'}).Enabled - EpoBrowseToPhishingSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToPhishingSites'}).Enabled - EpoBrowseToPornographySites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToPornographySites'}).Enabled - EpoBrowseToUnallowedDomain = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToUnallowedDomain'}).Enabled - EpoBrowseToViolenceSites = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoBrowseToViolenceSites'}).Enabled - EpoCopyToClipboardFromSensitiveFile = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoCopyToClipboardFromSensitiveFile'}).Enabled - EpoCopyToNetworkShare = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoCopyToNetworkShare'}).Enabled - EpoFileArchived = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileArchived'}).Enabled - EpoFileCopiedToRemoteDesktopSession = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileCopiedToRemoteDesktopSession'}).Enabled - EpoFileDeleted = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileDeleted'}).Enabled - EpoFileDownloadedFromBlacklistedDomain = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileDownloadedFromBlacklistedDomain'}).Enabled - EpoFileDownloadedFromEnterpriseDomain = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileDownloadedFromEnterpriseDomain'}).Enabled - EpoFileRenamed = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileRenamed'}).Enabled - EpoFileStagedToCentralLocation = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoFileStagedToCentralLocation'}).Enabled - EpoHiddenFileCreated = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoHiddenFileCreated'}).Enabled - EpoRemovableMediaMount = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoRemovableMediaMount'}).Enabled - EpoSensitiveFileRead = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'EpoSensitiveFileRead'}).Enabled - Mcas3rdPartyAppDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Mcas3rdPartyAppDownload'}).Enabled - Mcas3rdPartyAppFileDelete = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Mcas3rdPartyAppFileDelete'}).Enabled - Mcas3rdPartyAppFileSharing = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Mcas3rdPartyAppFileSharing'}).Enabled - McasActivityFromInfrequentCountry = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasActivityFromInfrequentCountry'}).Enabled - McasImpossibleTravel = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasImpossibleTravel'}).Enabled - McasMultipleFailedLogins = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleFailedLogins'}).Enabled - McasMultipleStorageDeletion = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleStorageDeletion'}).Enabled - McasMultipleVMCreation = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleVMCreation'}).Enabled - McasMultipleVMDeletion = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasMultipleVMDeletion'}).Enabled - McasSuspiciousAdminActivities = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasSuspiciousAdminActivities'}).Enabled - McasSuspiciousCloudCreation = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasSuspiciousCloudCreation'}).Enabled - McasSuspiciousCloudTrailLoggingChange = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasSuspiciousCloudTrailLoggingChange'}).Enabled - McasTerminatedEmployeeActivity = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'McasTerminatedEmployeeActivity'}).Enabled - OdbDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'OdbDownload'}).Enabled - OdbSyncDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'OdbSyncDownload'}).Enabled - PeerCumulativeExfiltrationDetector = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PeerCumulativeExfiltrationDetector'}).Enabled - PhysicalAccess = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PhysicalAccess'}).Enabled - PotentialHighImpactUser = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PotentialHighImpactUser'}).Enabled - Print = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'Print'}).Enabled - PriorityUserGroupMember = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'PriorityUserGroupMember'}).Enabled - SecurityAlertDefenseEvasion = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SecurityAlertDefenseEvasion'}).Enabled - SecurityAlertUnwantedSoftware = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SecurityAlertUnwantedSoftware'}).Enabled - SpoAccessRequest = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoAccessRequest'}).Enabled - SpoApprovedAccess = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoApprovedAccess'}).Enabled - SpoDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoDownload'}).Enabled - SpoDownloadV2 = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoDownloadV2'}).Enabled - SpoFileAccessed = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileAccessed'}).Enabled - SpoFileDeleted = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileDeleted'}).Enabled - SpoFileDeletedFromFirstStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileDeletedFromFirstStageRecycleBin'}).Enabled - SpoFileDeletedFromSecondStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileDeletedFromSecondStageRecycleBin'}).Enabled - SpoFileLabelDowngraded = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileLabelDowngraded'}).Enabled - SpoFileLabelRemoved = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileLabelRemoved'}).Enabled - SpoFileSharing = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFileSharing'}).Enabled - SpoFolderDeleted = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderDeleted'}).Enabled - SpoFolderDeletedFromFirstStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderDeletedFromFirstStageRecycleBin'}).Enabled - SpoFolderDeletedFromSecondStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderDeletedFromSecondStageRecycleBin'}).Enabled - SpoFolderSharing = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoFolderSharing'}).Enabled - SpoSiteExternalUserAdded = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteExternalUserAdded'}).Enabled - SpoSiteInternalUserAdded = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteInternalUserAdded'}).Enabled - SpoSiteLabelRemoved = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteLabelRemoved'}).Enabled - SpoSiteSharing = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSiteSharing'}).Enabled - SpoSyncDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'SpoSyncDownload'}).Enabled - TeamsChannelFileSharedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsChannelFileSharedExternal'}).Enabled - TeamsChannelMemberAddedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsChannelMemberAddedExternal'}).Enabled - TeamsChatFileSharedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsChatFileSharedExternal'}).Enabled - TeamsFileDownload = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsFileDownload'}).Enabled - TeamsFolderSharedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsFolderSharedExternal'}).Enabled - TeamsMemberAddedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsMemberAddedExternal'}).Enabled - TeamsSensitiveMessage = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'TeamsSensitiveMessage'}).Enabled - UserHistory = ($tenantSettings.Indicators | Where-Object -FilterScript {$_.Name -eq 'UserHistory'}).Enabled - AWSS3BlockPublicAccessDisabled = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3BlockPublicAccessDisabled'}).Enabled - AWSS3BucketDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3BucketDeleted'}).Enabled - AWSS3PublicAccessEnabled = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3PublicAccessEnabled'}).Enabled - AWSS3ServerLoggingDisabled = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AWSS3ServerLoggingDisabled'}).Enabled - AzureElevateAccessToAllSubscriptions = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureElevateAccessToAllSubscriptions'}).Enabled - AzureResourceThreatProtectionSettingsUpdated = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureResourceThreatProtectionSettingsUpdated'}).Enabled - AzureSQLServerAuditingSettingsUpdated = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureSQLServerAuditingSettingsUpdated'}).Enabled - AzureSQLServerFirewallRuleDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureSQLServerFirewallRuleDeleted'}).Enabled - AzureSQLServerFirewallRuleUpdated = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureSQLServerFirewallRuleUpdated'}).Enabled - AzureStorageAccountOrContainerDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'AzureStorageAccountOrContainerDeleted'}).Enabled - BoxContentAccess = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentAccess'}).Enabled - BoxContentDelete = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentDelete'}).Enabled - BoxContentDownload = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentDownload'}).Enabled - BoxContentExternallyShared = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'BoxContentExternallyShared'}).Enabled - CCFinancialRegulatoryRiskyTextSent = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'CCFinancialRegulatoryRiskyTextSent'}).Enabled - CCInappropriateContentSent = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'CCInappropriateContentSent'}).Enabled - CCInappropriateImagesSent = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'CCInappropriateImagesSent'}).Enabled - DropboxContentAccess = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentAccess'}).Enabled - DropboxContentDelete = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentDelete'}).Enabled - DropboxContentDownload = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentDownload'}).Enabled - DropboxContentExternallyShared = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'DropboxContentExternallyShared'}).Enabled - GoogleDriveContentAccess = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'GoogleDriveContentAccess'}).Enabled - GoogleDriveContentDelete = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'GoogleDriveContentDelete'}).Enabled - GoogleDriveContentExternallyShared = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'GoogleDriveContentExternallyShared'}).Enabled - PowerBIDashboardsDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIDashboardsDeleted'}).Enabled - PowerBIReportsDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsDeleted'}).Enabled - PowerBIReportsDownloaded = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsDownloaded'}).Enabled - PowerBIReportsExported = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsExported'}).Enabled - PowerBIReportsViewed = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBIReportsViewed'}).Enabled - PowerBISemanticModelsDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBISemanticModelsDeleted'}).Enabled - PowerBISensitivityLabelDowngradedForArtifacts = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBISensitivityLabelDowngradedForArtifacts'}).Enabled - PowerBISensitivityLabelRemovedFromArtifacts = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript {$_.Name -eq 'PowerBISensitivityLabelRemovedFromArtifacts'}).Enabled + AnomalyDetections = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'AnomalyDetections' }).Enabled + CopyToPersonalCloud = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'CopyToPersonalCloud' }).Enabled + CopyToUSB = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'CopyToUSB' }).Enabled + CumulativeExfiltrationDetector = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'CumulativeExfiltrationDetector' }).Enabled + EmailExternal = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EmailExternal' }).Enabled + EmployeeAccessedEmployeePatientData = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EmployeeAccessedEmployeePatientData' }).Enabled + EmployeeAccessedFamilyData = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EmployeeAccessedFamilyData' }).Enabled + EmployeeAccessedHighVolumePatientData = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EmployeeAccessedHighVolumePatientData' }).Enabled + EmployeeAccessedNeighbourData = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EmployeeAccessedNeighbourData' }).Enabled + EmployeeAccessedRestrictedData = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EmployeeAccessedRestrictedData' }).Enabled + EpoBrowseToChildAbuseSites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToChildAbuseSites' }).Enabled + EpoBrowseToCriminalActivitySites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToCriminalActivitySites' }).Enabled + EpoBrowseToCultSites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToCultSites' }).Enabled + EpoBrowseToGamblingSites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToGamblingSites' }).Enabled + EpoBrowseToHackingSites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToHackingSites' }).Enabled + EpoBrowseToHateIntoleranceSites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToHateIntoleranceSites' }).Enabled + EpoBrowseToIllegalSoftwareSites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToIllegalSoftwareSites' }).Enabled + EpoBrowseToKeyloggerSites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToKeyloggerSites' }).Enabled + EpoBrowseToLlmSites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToLlmSites' }).Enabled + EpoBrowseToMalwareSites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToMalwareSites' }).Enabled + EpoBrowseToPhishingSites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToPhishingSites' }).Enabled + EpoBrowseToPornographySites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToPornographySites' }).Enabled + EpoBrowseToUnallowedDomain = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToUnallowedDomain' }).Enabled + EpoBrowseToViolenceSites = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoBrowseToViolenceSites' }).Enabled + EpoCopyToClipboardFromSensitiveFile = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoCopyToClipboardFromSensitiveFile' }).Enabled + EpoCopyToNetworkShare = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoCopyToNetworkShare' }).Enabled + EpoFileArchived = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoFileArchived' }).Enabled + EpoFileCopiedToRemoteDesktopSession = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoFileCopiedToRemoteDesktopSession' }).Enabled + EpoFileDeleted = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoFileDeleted' }).Enabled + EpoFileDownloadedFromBlacklistedDomain = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoFileDownloadedFromBlacklistedDomain' }).Enabled + EpoFileDownloadedFromEnterpriseDomain = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoFileDownloadedFromEnterpriseDomain' }).Enabled + EpoFileRenamed = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoFileRenamed' }).Enabled + EpoFileStagedToCentralLocation = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoFileStagedToCentralLocation' }).Enabled + EpoHiddenFileCreated = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoHiddenFileCreated' }).Enabled + EpoRemovableMediaMount = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoRemovableMediaMount' }).Enabled + EpoSensitiveFileRead = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'EpoSensitiveFileRead' }).Enabled + Mcas3rdPartyAppDownload = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'Mcas3rdPartyAppDownload' }).Enabled + Mcas3rdPartyAppFileDelete = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'Mcas3rdPartyAppFileDelete' }).Enabled + Mcas3rdPartyAppFileSharing = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'Mcas3rdPartyAppFileSharing' }).Enabled + McasActivityFromInfrequentCountry = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'McasActivityFromInfrequentCountry' }).Enabled + McasImpossibleTravel = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'McasImpossibleTravel' }).Enabled + McasMultipleFailedLogins = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'McasMultipleFailedLogins' }).Enabled + McasMultipleStorageDeletion = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'McasMultipleStorageDeletion' }).Enabled + McasMultipleVMCreation = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'McasMultipleVMCreation' }).Enabled + McasMultipleVMDeletion = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'McasMultipleVMDeletion' }).Enabled + McasSuspiciousAdminActivities = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'McasSuspiciousAdminActivities' }).Enabled + McasSuspiciousCloudCreation = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'McasSuspiciousCloudCreation' }).Enabled + McasSuspiciousCloudTrailLoggingChange = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'McasSuspiciousCloudTrailLoggingChange' }).Enabled + McasTerminatedEmployeeActivity = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'McasTerminatedEmployeeActivity' }).Enabled + OdbDownload = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'OdbDownload' }).Enabled + OdbSyncDownload = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'OdbSyncDownload' }).Enabled + PeerCumulativeExfiltrationDetector = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'PeerCumulativeExfiltrationDetector' }).Enabled + PhysicalAccess = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'PhysicalAccess' }).Enabled + PotentialHighImpactUser = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'PotentialHighImpactUser' }).Enabled + Print = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'Print' }).Enabled + PriorityUserGroupMember = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'PriorityUserGroupMember' }).Enabled + SecurityAlertDefenseEvasion = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SecurityAlertDefenseEvasion' }).Enabled + SecurityAlertUnwantedSoftware = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SecurityAlertUnwantedSoftware' }).Enabled + SpoAccessRequest = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoAccessRequest' }).Enabled + SpoApprovedAccess = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoApprovedAccess' }).Enabled + SpoDownload = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoDownload' }).Enabled + SpoDownloadV2 = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoDownloadV2' }).Enabled + SpoFileAccessed = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoFileAccessed' }).Enabled + SpoFileDeleted = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoFileDeleted' }).Enabled + SpoFileDeletedFromFirstStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoFileDeletedFromFirstStageRecycleBin' }).Enabled + SpoFileDeletedFromSecondStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoFileDeletedFromSecondStageRecycleBin' }).Enabled + SpoFileLabelDowngraded = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoFileLabelDowngraded' }).Enabled + SpoFileLabelRemoved = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoFileLabelRemoved' }).Enabled + SpoFileSharing = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoFileSharing' }).Enabled + SpoFolderDeleted = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoFolderDeleted' }).Enabled + SpoFolderDeletedFromFirstStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoFolderDeletedFromFirstStageRecycleBin' }).Enabled + SpoFolderDeletedFromSecondStageRecycleBin = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoFolderDeletedFromSecondStageRecycleBin' }).Enabled + SpoFolderSharing = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoFolderSharing' }).Enabled + SpoSiteExternalUserAdded = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoSiteExternalUserAdded' }).Enabled + SpoSiteInternalUserAdded = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoSiteInternalUserAdded' }).Enabled + SpoSiteLabelRemoved = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoSiteLabelRemoved' }).Enabled + SpoSiteSharing = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoSiteSharing' }).Enabled + SpoSyncDownload = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'SpoSyncDownload' }).Enabled + TeamsChannelFileSharedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'TeamsChannelFileSharedExternal' }).Enabled + TeamsChannelMemberAddedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'TeamsChannelMemberAddedExternal' }).Enabled + TeamsChatFileSharedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'TeamsChatFileSharedExternal' }).Enabled + TeamsFileDownload = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'TeamsFileDownload' }).Enabled + TeamsFolderSharedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'TeamsFolderSharedExternal' }).Enabled + TeamsMemberAddedExternal = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'TeamsMemberAddedExternal' }).Enabled + TeamsSensitiveMessage = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'TeamsSensitiveMessage' }).Enabled + UserHistory = ($tenantSettings.Indicators | Where-Object -FilterScript { $_.Name -eq 'UserHistory' }).Enabled + AWSS3BlockPublicAccessDisabled = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'AWSS3BlockPublicAccessDisabled' }).Enabled + AWSS3BucketDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'AWSS3BucketDeleted' }).Enabled + AWSS3PublicAccessEnabled = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'AWSS3PublicAccessEnabled' }).Enabled + AWSS3ServerLoggingDisabled = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'AWSS3ServerLoggingDisabled' }).Enabled + AzureElevateAccessToAllSubscriptions = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'AzureElevateAccessToAllSubscriptions' }).Enabled + AzureResourceThreatProtectionSettingsUpdated = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'AzureResourceThreatProtectionSettingsUpdated' }).Enabled + AzureSQLServerAuditingSettingsUpdated = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'AzureSQLServerAuditingSettingsUpdated' }).Enabled + AzureSQLServerFirewallRuleDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'AzureSQLServerFirewallRuleDeleted' }).Enabled + AzureSQLServerFirewallRuleUpdated = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'AzureSQLServerFirewallRuleUpdated' }).Enabled + AzureStorageAccountOrContainerDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'AzureStorageAccountOrContainerDeleted' }).Enabled + BoxContentAccess = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'BoxContentAccess' }).Enabled + BoxContentDelete = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'BoxContentDelete' }).Enabled + BoxContentDownload = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'BoxContentDownload' }).Enabled + BoxContentExternallyShared = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'BoxContentExternallyShared' }).Enabled + CCFinancialRegulatoryRiskyTextSent = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'CCFinancialRegulatoryRiskyTextSent' }).Enabled + CCInappropriateContentSent = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'CCInappropriateContentSent' }).Enabled + CCInappropriateImagesSent = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'CCInappropriateImagesSent' }).Enabled + DropboxContentAccess = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'DropboxContentAccess' }).Enabled + DropboxContentDelete = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'DropboxContentDelete' }).Enabled + DropboxContentDownload = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'DropboxContentDownload' }).Enabled + DropboxContentExternallyShared = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'DropboxContentExternallyShared' }).Enabled + GoogleDriveContentAccess = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'GoogleDriveContentAccess' }).Enabled + GoogleDriveContentDelete = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'GoogleDriveContentDelete' }).Enabled + GoogleDriveContentExternallyShared = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'GoogleDriveContentExternallyShared' }).Enabled + PowerBIDashboardsDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'PowerBIDashboardsDeleted' }).Enabled + PowerBIReportsDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'PowerBIReportsDeleted' }).Enabled + PowerBIReportsDownloaded = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'PowerBIReportsDownloaded' }).Enabled + PowerBIReportsExported = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'PowerBIReportsExported' }).Enabled + PowerBIReportsViewed = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'PowerBIReportsViewed' }).Enabled + PowerBISemanticModelsDeleted = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'PowerBISemanticModelsDeleted' }).Enabled + PowerBISensitivityLabelDowngradedForArtifacts = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'PowerBISensitivityLabelDowngradedForArtifacts' }).Enabled + PowerBISensitivityLabelRemovedFromArtifacts = ($tenantSettings.ExtensibleIndicators | Where-Object -FilterScript { $_.Name -eq 'PowerBISensitivityLabelRemovedFromArtifacts' }).Enabled HistoricTimeSpan = $tenantSettings.TimeSpan.HistoricTimeSpan InScopeTimeSpan = $tenantSettings.TimeSpan.InScopeTimeSpan EnableTeam = [Boolean]($tenantSettings.FeatureSettings.EnableTeam) } - $AnalyticsNewInsight = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'AnalyticsNewInsight'} + $AnalyticsNewInsight = $tenantSettings.NotificationPreferences | Where-Object -FilterScript { $_.NotificationType -eq 'AnalyticsNewInsight' } if ($null -ne $AnalyticsNewInsight) { $tenantSettingsHash.Add('AnalyticsNewInsightEnabled', [Boolean]$AnalyticsNewInsight.Enabled) } - $AnalyticsTurnedOff = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'AnalyticsTurnedOff'} + $AnalyticsTurnedOff = $tenantSettings.NotificationPreferences | Where-Object -FilterScript { $_.NotificationType -eq 'AnalyticsTurnedOff' } if ($null -ne $AnalyticsTurnedOff) { $tenantSettingsHash.Add('AnalyticsTurnedOffEnabled', [Boolean]$AnalyticsTurnedOff.Enabled) } - $highSeverityAlerts = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'HighSeverityAlerts'} + $highSeverityAlerts = $tenantSettings.NotificationPreferences | Where-Object -FilterScript { $_.NotificationType -eq 'HighSeverityAlerts' } if ($null -ne $highSeverityAlerts) { $tenantSettingsHash.Add('HighSeverityAlertsEnabled', [Boolean]$highSeverityAlerts.Enabled) $tenantSettingsHash.Add('HighSeverityAlertsRoleGroups', [Array]$highSeverityAlerts.RoleGroups) } - $policiesHealth = $tenantSettings.NotificationPreferences | Where-Object -FilterScript {$_.NotificationType -eq 'PoliciesHealth'} + $policiesHealth = $tenantSettings.NotificationPreferences | Where-Object -FilterScript { $_.NotificationType -eq 'PoliciesHealth' } if ($null -ne $policiesHealth) { $tenantSettingsHash.Add('PoliciesHealthEnabled', [Boolean]$policiesHealth.Enabled) @@ -977,7 +977,7 @@ function Get-TargetResource # Adaptive Protection $AdaptiveProtectionEnabledValue = $false if ($null -ne $tenantSettings.DynamicRiskPreventionSettings -and ` - $null -ne $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings) + $null -ne $tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings) { if ($tenantSettings.DynamicRiskPreventionSettings.DynamicRiskScenarioSettings.ActivationStatus -eq 0) { @@ -1786,33 +1786,33 @@ function Set-TargetResource $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - $indicatorsProperties = @('AnomalyDetections','CopyToPersonalCloud','CopyToUSB','CumulativeExfiltrationDetector', ` - 'EmailExternal','EmployeeAccessedEmployeePatientData','EmployeeAccessedFamilyData', ` - 'EmployeeAccessedHighVolumePatientData','EmployeeAccessedNeighbourData', ` - 'EmployeeAccessedRestrictedData','EpoBrowseToChildAbuseSites','EpoBrowseToCriminalActivitySites', ` - 'EpoBrowseToCultSites','EpoBrowseToGamblingSites','EpoBrowseToHackingSites', ` - 'EpoBrowseToHateIntoleranceSites','EpoBrowseToIllegalSoftwareSites','EpoBrowseToKeyloggerSites', ` - 'EpoBrowseToLlmSites','EpoBrowseToMalwareSites','EpoBrowseToPhishingSites', ` - 'EpoBrowseToPornographySites','EpoBrowseToUnallowedDomain','EpoBrowseToViolenceSites', ` - 'EpoCopyToClipboardFromSensitiveFile','EpoCopyToNetworkShare','EpoFileArchived', ` - 'EpoFileCopiedToRemoteDesktopSession','EpoFileDeleted','EpoFileDownloadedFromBlacklistedDomain', ` - 'EpoFileDownloadedFromEnterpriseDomain','EpoFileRenamed','EpoFileStagedToCentralLocation', ` - 'EpoHiddenFileCreated','EpoRemovableMediaMount','EpoSensitiveFileRead','Mcas3rdPartyAppDownload', ` - 'Mcas3rdPartyAppFileDelete','Mcas3rdPartyAppFileSharing','McasActivityFromInfrequentCountry', ` - 'McasImpossibleTravel','McasMultipleFailedLogins','McasMultipleStorageDeletion', ` - 'McasMultipleVMCreation','McasMultipleVMDeletion','McasSuspiciousAdminActivities', ` - 'McasSuspiciousCloudCreation','McasSuspiciousCloudTrailLoggingChange','McasTerminatedEmployeeActivity', ` - 'OdbDownload','OdbSyncDownload','PeerCumulativeExfiltrationDetector','PhysicalAccess', ` - 'PotentialHighImpactUser','Print','PriorityUserGroupMember','SecurityAlertDefenseEvasion', ` - 'SecurityAlertUnwantedSoftware','SpoAccessRequest','SpoApprovedAccess','SpoDownload','SpoDownloadV2', ` - 'SpoFileAccessed','SpoFileDeleted','SpoFileDeletedFromFirstStageRecycleBin', ` - 'SpoFileDeletedFromSecondStageRecycleBin','SpoFileLabelDowngraded','SpoFileLabelRemoved', ` - 'SpoFileSharing','SpoFolderDeleted','SpoFolderDeletedFromFirstStageRecycleBin', ` - 'SpoFolderDeletedFromSecondStageRecycleBin','SpoFolderSharing','SpoSiteExternalUserAdded', ` - 'SpoSiteInternalUserAdded','SpoSiteLabelRemoved','SpoSiteSharing','SpoSyncDownload', ` - 'TeamsChannelFileSharedExternal','TeamsChannelMemberAddedExternal','TeamsChatFileSharedExternal', ` - 'TeamsFileDownload','TeamsFolderSharedExternal','TeamsMemberAddedExternal','TeamsSensitiveMessage', ` - 'UserHistory') + $indicatorsProperties = @('AnomalyDetections', 'CopyToPersonalCloud', 'CopyToUSB', 'CumulativeExfiltrationDetector', ` + 'EmailExternal', 'EmployeeAccessedEmployeePatientData', 'EmployeeAccessedFamilyData', ` + 'EmployeeAccessedHighVolumePatientData', 'EmployeeAccessedNeighbourData', ` + 'EmployeeAccessedRestrictedData', 'EpoBrowseToChildAbuseSites', 'EpoBrowseToCriminalActivitySites', ` + 'EpoBrowseToCultSites', 'EpoBrowseToGamblingSites', 'EpoBrowseToHackingSites', ` + 'EpoBrowseToHateIntoleranceSites', 'EpoBrowseToIllegalSoftwareSites', 'EpoBrowseToKeyloggerSites', ` + 'EpoBrowseToLlmSites', 'EpoBrowseToMalwareSites', 'EpoBrowseToPhishingSites', ` + 'EpoBrowseToPornographySites', 'EpoBrowseToUnallowedDomain', 'EpoBrowseToViolenceSites', ` + 'EpoCopyToClipboardFromSensitiveFile', 'EpoCopyToNetworkShare', 'EpoFileArchived', ` + 'EpoFileCopiedToRemoteDesktopSession', 'EpoFileDeleted', 'EpoFileDownloadedFromBlacklistedDomain', ` + 'EpoFileDownloadedFromEnterpriseDomain', 'EpoFileRenamed', 'EpoFileStagedToCentralLocation', ` + 'EpoHiddenFileCreated', 'EpoRemovableMediaMount', 'EpoSensitiveFileRead', 'Mcas3rdPartyAppDownload', ` + 'Mcas3rdPartyAppFileDelete', 'Mcas3rdPartyAppFileSharing', 'McasActivityFromInfrequentCountry', ` + 'McasImpossibleTravel', 'McasMultipleFailedLogins', 'McasMultipleStorageDeletion', ` + 'McasMultipleVMCreation', 'McasMultipleVMDeletion', 'McasSuspiciousAdminActivities', ` + 'McasSuspiciousCloudCreation', 'McasSuspiciousCloudTrailLoggingChange', 'McasTerminatedEmployeeActivity', ` + 'OdbDownload', 'OdbSyncDownload', 'PeerCumulativeExfiltrationDetector', 'PhysicalAccess', ` + 'PotentialHighImpactUser', 'Print', 'PriorityUserGroupMember', 'SecurityAlertDefenseEvasion', ` + 'SecurityAlertUnwantedSoftware', 'SpoAccessRequest', 'SpoApprovedAccess', 'SpoDownload', 'SpoDownloadV2', ` + 'SpoFileAccessed', 'SpoFileDeleted', 'SpoFileDeletedFromFirstStageRecycleBin', ` + 'SpoFileDeletedFromSecondStageRecycleBin', 'SpoFileLabelDowngraded', 'SpoFileLabelRemoved', ` + 'SpoFileSharing', 'SpoFolderDeleted', 'SpoFolderDeletedFromFirstStageRecycleBin', ` + 'SpoFolderDeletedFromSecondStageRecycleBin', 'SpoFolderSharing', 'SpoSiteExternalUserAdded', ` + 'SpoSiteInternalUserAdded', 'SpoSiteLabelRemoved', 'SpoSiteSharing', 'SpoSyncDownload', ` + 'TeamsChannelFileSharedExternal', 'TeamsChannelMemberAddedExternal', 'TeamsChatFileSharedExternal', ` + 'TeamsFileDownload', 'TeamsFolderSharedExternal', 'TeamsMemberAddedExternal', 'TeamsSensitiveMessage', ` + 'UserHistory') $indicatorValues = @() foreach ($indicatorProperty in $indicatorsProperties) @@ -1823,15 +1823,15 @@ function Set-TargetResource } } - $extensibleIndicatorsProperties = @('AWSS3BlockPublicAccessDisabled','AWSS3BucketDeleted','AWSS3PublicAccessEnabled',` - 'AWSS3ServerLoggingDisabled','AzureElevateAccessToAllSubscriptions','AzureResourceThreatProtectionSettingsUpdated', ` - 'AzureSQLServerAuditingSettingsUpdated','AzureSQLServerFirewallRuleDeleted','AzureSQLServerFirewallRuleUpdated', ` - 'AzureStorageAccountOrContainerDeleted','BoxContentAccess','BoxContentDelete','BoxContentDownload','BoxContentExternallyShared', ` - 'CCFinancialRegulatoryRiskyTextSent','CCInappropriateContentSent','CCInappropriateImagesSent','DropboxContentAccess', ` - 'DropboxContentDelete','DropboxContentDownload','DropboxContentExternallyShared','GoogleDriveContentAccess', ` - 'GoogleDriveContentDelete','GoogleDriveContentExternallyShared','PowerBIDashboardsDeleted','PowerBIReportsDeleted', ` - 'PowerBIReportsDownloaded','PowerBIReportsExported','PowerBIReportsViewed','PowerBISemanticModelsDeleted', ` - 'PowerBISensitivityLabelDowngradedForArtifacts','PowerBISensitivityLabelRemovedFromArtifacts') + $extensibleIndicatorsProperties = @('AWSS3BlockPublicAccessDisabled', 'AWSS3BucketDeleted', 'AWSS3PublicAccessEnabled', ` + 'AWSS3ServerLoggingDisabled', 'AzureElevateAccessToAllSubscriptions', 'AzureResourceThreatProtectionSettingsUpdated', ` + 'AzureSQLServerAuditingSettingsUpdated', 'AzureSQLServerFirewallRuleDeleted', 'AzureSQLServerFirewallRuleUpdated', ` + 'AzureStorageAccountOrContainerDeleted', 'BoxContentAccess', 'BoxContentDelete', 'BoxContentDownload', 'BoxContentExternallyShared', ` + 'CCFinancialRegulatoryRiskyTextSent', 'CCInappropriateContentSent', 'CCInappropriateImagesSent', 'DropboxContentAccess', ` + 'DropboxContentDelete', 'DropboxContentDownload', 'DropboxContentExternallyShared', 'GoogleDriveContentAccess', ` + 'GoogleDriveContentDelete', 'GoogleDriveContentExternallyShared', 'PowerBIDashboardsDeleted', 'PowerBIReportsDeleted', ` + 'PowerBIReportsDownloaded', 'PowerBIReportsExported', 'PowerBIReportsViewed', 'PowerBISemanticModelsDeleted', ` + 'PowerBISensitivityLabelDowngradedForArtifacts', 'PowerBISensitivityLabelRemovedFromArtifacts') $extensibleIndicatorsValues = @() foreach ($extensibleIndicatorsProperty in $extensibleIndicatorsProperties) @@ -1848,10 +1848,10 @@ function Set-TargetResource $tenantSettingsValue = "{`"Region`":`"WW`", `"FeatureSettings`":$($featureSettingsValue), " + ` - "`"IntelligentDetections`":$($intelligentDetectionValue)" + "`"IntelligentDetections`":$($intelligentDetectionValue)" if ($null -ne $AdaptiveProtectionEnabled) { - Write-Verbose -Message "Adding Adaptive Protection setting to the set parameters." + Write-Verbose -Message 'Adding Adaptive Protection setting to the set parameters.' $AdaptiveProtectionActivatonStatus = 1 if ($AdaptiveProtectionEnabled) { @@ -1865,19 +1865,19 @@ function Set-TargetResource $tenantSettingsValue += ", `"DynamicRiskPreventionSettings`":$dynamicRiskPreventionSettings" } - $tenantSettingsValue += "}" + $tenantSettingsValue += '}' # CREATE if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating new Insider Risk Policy {$Name} with values:`r`nIndicators: $($indicatorValues)`r`n`r`nExtensibleIndicators: $($extensibleIndicatorsValues)`r`n`r`nTenantSettings: $($tenantSettingsValue)`r`n`r`nSessionRecordingSettings: $($sessionRecordingValues)" New-InsiderRiskPolicy -Name $Name -InsiderRiskScenario $InsiderRiskScenario ` - -Indicators $indicatorValues ` - -ExtensibleIndicators $extensibleIndicatorsValues ` - -TenantSetting $tenantSettingsValue ` - -HistoricTimeSpan $HistoricTimeSpan ` - -InScopeTimeSpan $InScopeTimeSpan ` - -SessionRecordingSettings $sessionRecordingValues + -Indicators $indicatorValues ` + -ExtensibleIndicators $extensibleIndicatorsValues ` + -TenantSetting $tenantSettingsValue ` + -HistoricTimeSpan $HistoricTimeSpan ` + -InScopeTimeSpan $InScopeTimeSpan ` + -SessionRecordingSettings $sessionRecordingValues } # UPDATE elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 index e0f76fbaa1..fca3493151 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 @@ -177,25 +177,25 @@ function Get-TargetResource $DlpNetworkShareGroupsObject = ConvertFrom-Json $instance.DlpNetworkShareGroups # AdvancedClassificationEnabled - $AdvancedClassificationEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'AdvancedClassificationEnabled'}).Value + $AdvancedClassificationEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AdvancedClassificationEnabled' }).Value # BandwidthLimitEnabled - $BandwidthLimitEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'BandwidthLimitEnabledValue'}).Value + $BandwidthLimitEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'BandwidthLimitEnabledValue' }).Value # DailyBandwidthLimitInMB - $DailyBandwidthLimitInMBValue = [UInt32]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'DailyBandwidthLimitInMB'}).Value + $DailyBandwidthLimitInMBValue = [UInt32]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'DailyBandwidthLimitInMB' }).Value # PathExclusion - $PathExclusionValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'PathExclusion'}).Value + $PathExclusionValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'PathExclusion' }).Value # MacPathExclusion - $MacPathExclusionValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'MacPathExclusion'}).Value + $MacPathExclusionValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacPathExclusion' }).Value # MacDefaultPathExclusionsEnabled - $MacDefaultPathExclusionsEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'MacDefaultPathExclusionsEnabled'}).Value + $MacDefaultPathExclusionsEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacDefaultPathExclusionsEnabled' }).Value #EvidenceStoreSettings - $entry = $EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'EvidenceStoreSettings'} + $entry = $EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'EvidenceStoreSettings' } if ($null -ne $entry) { $entry = ConvertFrom-Json $entry.Value @@ -208,10 +208,10 @@ function Get-TargetResource } # NetworkPathEnforcementEnabled - $NetworkPathEnforcementEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'NetworkPathEnforcementEnabled'}).Value + $NetworkPathEnforcementEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathEnforcementEnabled' }).Value # NetworkPathExclusion - $NetworkPathExclusionValue = ($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'NetworkPathExclusion'}).Value + $NetworkPathExclusionValue = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathExclusion' }).Value # DlpAppGroups $DlpAppGroupsValue = @() @@ -237,7 +237,7 @@ function Get-TargetResource } # UnallowedApp - $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'UnallowedApp'}) + $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'UnallowedApp' }) $UnallowedAppValue = @() foreach ($entry in $entries) { @@ -249,7 +249,7 @@ function Get-TargetResource } # UnallowedCloudSyncApp - $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'UnallowedCloudSyncApp'}) + $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'UnallowedCloudSyncApp' }) $UnallowedCloudSyncAppValue = @() foreach ($entry in $entries) { @@ -261,10 +261,10 @@ function Get-TargetResource } # IncludePredefinedUnallowedBluetoothApps - $IncludePredefinedUnallowedBluetoothAppsValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'IncludePredefinedUnallowedBluetoothApps'}).Value + $IncludePredefinedUnallowedBluetoothAppsValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'IncludePredefinedUnallowedBluetoothApps' }).Value # UnallowedBluetoothApp - $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'UnallowedBluetoothApp'}) + $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'UnallowedBluetoothApp' }) $UnallowedBluetoothAppValue = @() foreach ($entry in $entries) { @@ -276,7 +276,7 @@ function Get-TargetResource } # UnallowedBrowser - $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'UnallowedBrowser'}) + $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'UnallowedBrowser' }) $UnallowedBrowserValue = @() foreach ($entry in $entries) { @@ -288,17 +288,17 @@ function Get-TargetResource } # CloudAppMode - $CloudAppModeValue = ($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'CloudAppMode'}).Value + $CloudAppModeValue = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'CloudAppMode' }).Value # CloudAppRestrictionList - $CloudAppRestrictionListValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'CloudAppRestrictionList'}).Value + $CloudAppRestrictionListValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'CloudAppRestrictionList' }).Value # SiteGroups $SiteGroupsValue = @() foreach ($siteGroup in $SiteGroupsObject) { $entry = @{ - Id = $siteGroup.Id + Id = $siteGroup.Id Name = $siteGroup.Name } @@ -317,11 +317,11 @@ function Get-TargetResource } # CustomBusinessJustificationNotification - $CustomBusinessJustificationNotificationValue = [Uint32]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'CustomBusinessJustificationNotification'}).Value + $CustomBusinessJustificationNotificationValue = [Uint32]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'CustomBusinessJustificationNotification' }).Value if (-not [System.String]::IsNullOrEmpty($EndpointDlpGlobalSettingsValue.Setting)) { - $entities = $EndpointDlpGlobalSettingsValue | Where-Object -FilterScript {$_.Setting -eq 'BusinessJustificationList'} + $entities = $EndpointDlpGlobalSettingsValue | Where-Object -FilterScript { $_.Setting -eq 'BusinessJustificationList' } # BusinessJustificationList if ($null -ne $entities) @@ -340,13 +340,13 @@ function Get-TargetResource } # serverDlpEnabled - $serverDlpEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'serverDlpEnabled'}).Value + $serverDlpEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'serverDlpEnabled' }).Value # AuditFileActivity - $AuditFileActivityValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'AuditFileActivity'}).Value + $AuditFileActivityValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AuditFileActivity' }).Value # VPNSettings - $entity = $EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'VPNSettings'} + $entity = $EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'VPNSettings' } if ($null -ne $entity) { $entity = ConvertFrom-Json ($entity.value) @@ -400,7 +400,7 @@ function Get-TargetResource foreach ($media in $group.removableMedia) { $current = @{ - deviceId = $media.deviceId + deviceId = $media.deviceId removableMediaVID = $media.removableMediaVID name = $media.name alias = $media.alias @@ -429,9 +429,9 @@ function Get-TargetResource } $QuarantineParametersValue = @() - if ($null -ne ($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'QuarantineParameters'})) + if ($null -ne ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'QuarantineParameters' })) { - $quarantineInfo = [Array]($EndpointDlpGlobalSettingsValue | Where-Object {$_.Setting -eq 'QuarantineParameters'}).Value + $quarantineInfo = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'QuarantineParameters' }).Value $quarantineInfo = ConvertFrom-Json $quarantineInfo[0] $QuarantineParametersValue = @{ EnableQuarantineForCloudSyncApps = $quarantineInfo.EnableQuarantineForCloudSyncApps @@ -837,8 +837,8 @@ function Set-TargetResource foreach ($domain in $CloudAppRestrictionList) { $EndpointDlpGlobalSettingsValue += @{ - Setting = 'CloudAppRestrictionList' - Value = "$($domain.ToString())" + Setting = 'CloudAppRestrictionList' + Value = "$($domain.ToString())" } } @@ -881,7 +881,7 @@ function Set-TargetResource { $entry = @{ Setting = 'VPNSettings' - Value = @{ + Value = @{ serverAddress = @() } } @@ -974,7 +974,7 @@ function Set-TargetResource foreach ($group in $DLPRemovableMediaGroups) { $entry = @{ - groupName = $group.groupName + groupName = $group.groupName removableMedia = @( ) } @@ -1354,85 +1354,85 @@ function Export-TargetResource if ($null -ne $Results.QuarantineParameters) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'QuarantineParameters' ` - -IsCIMArray:$true + -ParameterName 'QuarantineParameters' ` + -IsCIMArray:$true } if ($null -ne $Results.BusinessJustificationList) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'BusinessJustificationList' ` - -IsCIMArray:$true + -ParameterName 'BusinessJustificationList' ` + -IsCIMArray:$true } if ($null -ne $Results.DLPAppGroups) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'DLPAppGroups' ` - -IsCIMArray:$true + -ParameterName 'DLPAppGroups' ` + -IsCIMArray:$true } if ($null -ne $Results.DLPNetworkShareGroups) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'DLPNetworkShareGroups' ` - -IsCIMArray:$true + -ParameterName 'DLPNetworkShareGroups' ` + -IsCIMArray:$true } if ($null -ne $Results.DLPPrinterGroups) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'DLPPrinterGroups' ` - -IsCIMArray:$true + -ParameterName 'DLPPrinterGroups' ` + -IsCIMArray:$true } if ($null -ne $Results.DLPRemovableMediaGroups) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'DLPRemovableMediaGroups' ` - -IsCIMArray:$true + -ParameterName 'DLPRemovableMediaGroups' ` + -IsCIMArray:$true } if ($null -ne $Results.SiteGroups) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'SiteGroups' ` - -IsCIMArray:$true + -ParameterName 'SiteGroups' ` + -IsCIMArray:$true } if ($null -ne $Results.UnallowedApp) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'UnallowedApp' ` - -IsCIMArray:$true + -ParameterName 'UnallowedApp' ` + -IsCIMArray:$true } if ($null -ne $Results.UnallowedCloudSyncApp) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'UnallowedCloudSyncApp' ` - -IsCIMArray:$true + -ParameterName 'UnallowedCloudSyncApp' ` + -IsCIMArray:$true } if ($null -ne $Results.UnallowedBluetoothApp) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'UnallowedBluetoothApp' ` - -IsCIMArray:$true + -ParameterName 'UnallowedBluetoothApp' ` + -IsCIMArray:$true } if ($null -ne $Results.UnallowedBrowser) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'UnallowedBrowser' ` - -IsCIMArray:$true + -ParameterName 'UnallowedBrowser' ` + -IsCIMArray:$true } if ($null -ne $Results.EvidenceStoreSettings) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'EvidenceStoreSettings' ` - -IsCIMArray:$false + -ParameterName 'EvidenceStoreSettings' ` + -IsCIMArray:$false } $dscContent += $currentDSCBlock @@ -1467,14 +1467,14 @@ function ConvertTo-QuarantineParametersString ) $content = [System.Text.StringBuilder]::new() - [void]$content.AppendLine(" MSFT_PolicyConfigQuarantineParameters") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigQuarantineParameters') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" EnableQuarantineForCloudSyncApps = `$$($ObjectHash.EnableQuarantineForCloudSyncApps)") [void]$content.AppendLine(" QuarantinePath = '$($ObjectHash.QuarantinePath.ToString())'") [void]$content.AppendLine(" MacQuarantinePath = '$($ObjectHash.MacQuarantinePath)'") [void]$content.AppendLine(" ShouldReplaceFile = `$$($ObjectHash.ShouldReplaceFile.ToString())") [void]$content.AppendLine(" FileReplacementText = '$($ObjectHash.FileReplacementText)'") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' }') return $content.ToString() } @@ -1493,12 +1493,12 @@ function ConvertTo-BusinessJustificationListString [void]$content.Append('@(') foreach ($instance in $ObjectHash) { - [void]$content.AppendLine(" MSFT_PolicyConfigBusinessJustificationList") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigBusinessJustificationList') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" Id = '$($instance.Id)'") [void]$content.AppendLine(" Enable = `$$($instance.Enable)") [void]$content.AppendLine(" justificationText = '$($instance.justificationText)'") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' }') } [void]$content.Append(' )') $result = $content.ToString() @@ -1519,22 +1519,22 @@ function ConvertTo-DLPAppGroupsString [void]$content.Append('@(') foreach ($instance in $ObjectHash) { - [void]$content.AppendLine(" MSFT_PolicyConfigDLPAppGroups") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigDLPAppGroups') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" Name = '$($instance.Name)'") [void]$content.AppendLine(" Id = '$($instance.Id)'") [void]$content.AppendLine(" Description = '$($instance.Description)'") - [void]$content.AppendLine(" Apps = @(") + [void]$content.AppendLine(' Apps = @(') foreach ($app in $instance.Apps) { - [void]$content.AppendLine(" MSFT_PolicyConfigDLPApp") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigDLPApp') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" ExecutableName = '$($app.ExecutableName)'") [void]$content.AppendLine(" Name = '$($app.Name)'") [void]$content.AppendLine(" Quarantine = `$$($app.Quarantine)") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' }') } - [void]$content.AppendLine(" )}") + [void]$content.AppendLine(' )}') } [void]$content.Append(' )') $result = $content.ToString() @@ -1555,11 +1555,11 @@ function ConvertTo-DLPNetworkShareGroupsString [void]$content.Append('@(') foreach ($instance in $ObjectHash) { - [void]$content.AppendLine(" MSFT_PolicyConfigDLPNetworkShareGroups") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigDLPNetworkShareGroups') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" groupName = '$($instance.groupName)'") [void]$content.AppendLine(" groupId = '$($instance.groupId)'") - [void]$content.Append(" networkPaths = @(") + [void]$content.Append(' networkPaths = @(') $countPath = 1 foreach ($path in $instance.networkPaths) { @@ -1571,7 +1571,7 @@ function ConvertTo-DLPNetworkShareGroupsString $countPath++ } [void]$content.AppendLine(')') - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' }') } [void]$content.Append(' )') $result = $content.ToString() @@ -1588,22 +1588,22 @@ function ConvertTo-EvidenceStoreSettingsString $ObjectHash ) $content = [System.Text.StringBuilder]::new() - [void]$content.AppendLine(" MSFT_PolicyConfigEvidenceStoreSettings") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigEvidenceStoreSettings') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" FileEvidenceIsEnabled = `$$($ObjectHash.FileEvidenceIsEnabled)") [void]$content.AppendLine(" NumberOfDaysToRetain = $($ObjectHash.NumberOfDaysToRetain)") - [void]$content.AppendLine(" StorageAccounts = @(") + [void]$content.AppendLine(' StorageAccounts = @(') foreach ($storageAccount in $ObjectHash.StorageAccounts) { - [void]$content.AppendLine(" MSFT_PolicyConfigStorageAccount") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigStorageAccount') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" Name = '$($storageAccount.Name)'") [void]$content.AppendLine(" BlobUri = '$($storageAccount.BlobUri)'") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' }') } - [void]$content.AppendLine(" )") + [void]$content.AppendLine(' )') [void]$content.AppendLine(" Store = '$($ObjectHash.Store)'") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' }') return $content.ToString() } @@ -1621,33 +1621,33 @@ function ConvertTo-DLPPrinterGroupsString [void]$content.Append('@(') foreach ($instance in $ObjectHash) { - [void]$content.AppendLine(" MSFT_PolicyConfigDLPPrinterGroups") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigDLPPrinterGroups') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" groupName = '$($instance.groupName)'") [void]$content.AppendLine(" groupId = '$($instance.groupId)'") - [void]$content.AppendLine(" printers = @(") + [void]$content.AppendLine(' printers = @(') foreach ($printer in $instance.printers) { - [void]$content.AppendLine(" MSFT_PolicyConfigPrinter") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigPrinter') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" universalPrinter = `$$($printer.universalPrinter)") [void]$content.AppendLine(" usbPrinter = `$$($printer.usbPrinter)") [void]$content.AppendLine(" usbPrinterId = '$($printer.usbPrinterId)'") [void]$content.AppendLine(" name = '$($printer.name)'") [void]$content.AppendLine(" alias = '$($printer.alias)'") [void]$content.AppendLine(" usbPrinterVID = '$($printer.usbPrinterVID)'") - [void]$content.AppendLine(" ipRange = MSFT_PolicyConfigIPRange") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' ipRange = MSFT_PolicyConfigIPRange') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" fromAddress = '$($printer.ipRange.fromAddress)'") [void]$content.AppendLine(" toAddress = '$($printer.ipRange.toAddress)'") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' }') [void]$content.AppendLine(" corporatePrinter = `$$($printer.corporatePrinter)") [void]$content.AppendLine(" printToLocal = `$$($printer.printToLocal)") [void]$content.AppendLine(" printToFile = `$$($printer.printToFile)") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' }') } - [void]$content.AppendLine(" )") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' )') + [void]$content.AppendLine(' }') } [void]$content.Append(')') $result = $content.ToString() @@ -1668,14 +1668,14 @@ function ConvertTo-DLPRemovableMediaGroupsString [void]$content.Append('@(') foreach ($instance in $ObjectHash) { - [void]$content.AppendLine(" MSFT_PolicyConfigDLPRemovableMediaGroups") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigDLPRemovableMediaGroups') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" groupName = '$($instance.groupName)'") - [void]$content.AppendLine(" removableMedias = @(") + [void]$content.AppendLine(' removableMedias = @(') foreach ($media in $instance.removableMedia) { - [void]$content.AppendLine(" MSFT_PolicyConfigRemovableMedia") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigRemovableMedia') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" deviceId = '$($media.deviceId)'") [void]$content.AppendLine(" removableMediaVID = '$($media.removableMediaVID)'") [void]$content.AppendLine(" name = '$($media.name)'") @@ -1684,10 +1684,10 @@ function ConvertTo-DLPRemovableMediaGroupsString [void]$content.AppendLine(" instancePathId = '$($media.instancePathId)'") [void]$content.AppendLine(" serialNumberId = '$($media.serialNumberId)'") [void]$content.AppendLine(" hardwareId = '$($media.hardwareId)'") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' }') } - [void]$content.AppendLine(" )") - [void]$content.AppendLine( "}") + [void]$content.AppendLine(' )') + [void]$content.AppendLine( '}') } [void]$content.Append(' )') $result = $content.ToString() @@ -1707,23 +1707,23 @@ function ConvertTo-SiteGroupsString [void]$content.Append('@(') foreach ($instance in $ObjectHash) { - [void]$content.AppendLine(" MSFT_PolicyConfigDLPSiteGroups") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigDLPSiteGroups') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" Id = '$($instance.Id)'") [void]$content.AppendLine(" Name = '$($instance.Name)'") - [void]$content.AppendLine(" Addresses = @(") + [void]$content.AppendLine(' Addresses = @(') foreach ($address in $instance.addresses) { - [void]$content.AppendLine(" MSFT_PolicyConfigSiteGroupAddress") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigSiteGroupAddress') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" MatchType = '$($address.MatchType)'") [void]$content.AppendLine(" Url = '$($address.Url)'") [void]$content.AppendLine(" AddressLower = '$($address.AddressLower)'") [void]$content.AppendLine(" AddressUpper = '$($address.AddressUpper)'") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' }') } - [void]$content.AppendLine(" )") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' )') + [void]$content.AppendLine(' }') } [void]$content.Append(' )') $result = $content.ToString() @@ -1744,11 +1744,11 @@ function ConvertTo-AppsString [void]$content.Append('@(') foreach ($instance in $ObjectHash) { - [void]$content.AppendLine(" MSFT_PolicyConfigApp") - [void]$content.AppendLine(" {") + [void]$content.AppendLine(' MSFT_PolicyConfigApp') + [void]$content.AppendLine(' {') [void]$content.AppendLine(" Value = '$($instance.Value)'") [void]$content.AppendLine(" Executable = '$($instance.Executable)'") - [void]$content.AppendLine(" }") + [void]$content.AppendLine(' }') } [void]$content.Append(')') $result = $content.ToString() diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 index 81c0a104ea..92f7516c3c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 @@ -648,7 +648,7 @@ function Export-TargetResource try { - [array]$Alerts = Get-ProtectionAlert -ErrorAction Stop | Where-Object -FilterScript {-not $_.IsSystemRule} + [array]$Alerts = Get-ProtectionAlert -ErrorAction Stop | Where-Object -FilterScript { -not $_.IsSystemRule } $totalAlerts = $Alerts.Length if ($null -eq $totalAlerts) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 index 432a91ccfb..f8626b0ad5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 @@ -217,12 +217,12 @@ function Get-TargetResource SkypeLocation = @() SkypeLocationException = @() Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } if ($PolicyObject.DynamicScopeLocation.Count -gt 0) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 index 171c460360..acc49ae62f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 @@ -83,7 +83,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $RoleGroup = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $RoleGroup = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } else { @@ -102,7 +102,7 @@ function Get-TargetResource Name = $RoleGroup.Name DisplayName = $RoleGroup.DisplayName Description = $RoleGroup.Description - Roles = $RoleGroup.Roles -replace "^.*\/(?=[^\/]*$)" + Roles = $RoleGroup.Roles -replace '^.*\/(?=[^\/]*$)' Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -221,7 +221,8 @@ function Set-TargetResource { $NewRoleGroupParams.Add('DisplayName', $Name) } - else { + else + { $NewRoleGroupParams.Add('DisplayName', $DisplayName) } # Remove Description Parameter if null or Empty as the creation fails with $null parameter @@ -236,7 +237,7 @@ function Set-TargetResource # Create Role Group if ($Members.Length -gt 0) { - $NewRoleGroupParams.Add("Members", $Members) + $NewRoleGroupParams.Add('Members', $Members) } New-RoleGroup @NewRoleGroupParams } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 index 853a4786e5..fbd769032c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 @@ -83,7 +83,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $RoleGroup = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $RoleGroup = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } else { @@ -224,11 +224,11 @@ function Set-TargetResource # CASE: Role Group Membership should be removed elseif ($Ensure -eq 'Absent' -and $currentRoleGroupConfig.Ensure -eq 'Present') { - foreach ($member in $Members) - { - Write-Verbose -Message "Removing Member {$member} from Role Group {$Name}" - Remove-RoleGroupMember -Identity $Name -Member $member - } + foreach ($member in $Members) + { + Write-Verbose -Message "Removing Member {$member} from Role Group {$Name}" + Remove-RoleGroupMember -Identity $Name -Member $member + } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 index 706ca7a061..777360615c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 @@ -174,19 +174,19 @@ function Get-M365DSCSCMapSecurityFilter $CertificatePassword ) $result = @{ - FilterName = $Filter.FilterName - Action = $Filter.Action - Users = $Filter.Users - Description = $Filter.Description - Filters = $Filter.Filters - Region = $Filter.Region - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' + FilterName = $Filter.FilterName + Action = $Filter.Action + Users = $Filter.Users + Description = $Filter.Description + Filters = $Filter.Filters + Region = $Filter.Region + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' } return $result } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 index 0d5a97675e..c09fdbd22c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 @@ -1,82 +1,82 @@ $allTrainableClassifiers = @( - [PSCustomObject]@{ Name = "Actuary reports"; Id = "b27df2ee-fd14-4ce9-b02f-4070a5d68132" } - [PSCustomObject]@{ Name = "Agreements"; Id = "7f12e403-5335-4da8-a91e-6c2210b7a2b1" } - [PSCustomObject]@{ Name = "Asset Management"; Id = "716fb550-90cd-493b-b29b-ceed41ee8a6f" } - [PSCustomObject]@{ Name = "Bank statement"; Id = "f426bd16-e42e-4397-824b-f17dedc5bb1c" } - [PSCustomObject]@{ Name = "Budget"; Id = "6f207592-f71e-4b4f-8c07-ebc4bd4965b9" } - [PSCustomObject]@{ Name = "Business Context"; Id = "08b772df-bf93-457f-be23-b5cbf02005fd" } - [PSCustomObject]@{ Name = "Business plan"; Id = "693f8221-ae4e-4612-80f5-746efee167c3" } - [PSCustomObject]@{ Name = "Completion Certificates"; Id = "b2580781-286b-4ad2-ab47-84e84ff331e5" } - [PSCustomObject]@{ Name = "Compliance policies"; Id = "fdad8089-651b-4877-8b66-be105b2e57da" } - [PSCustomObject]@{ Name = "Construction specifications"; Id = "bfde18ef-b4b9-4f30-9965-ef8d00861a2c" } - [PSCustomObject]@{ Name = "Control System and SCADA files"; Id = "59f1f471-687d-453b-a73e-0b0e9f350812" } - [PSCustomObject]@{ Name = "Corporate Sabotage"; Id = "d88960c3-6101-43d9-9250-8c43c71d638a" } - [PSCustomObject]@{ Name = "Credit Report"; Id = "07ce7d30-690a-4a1c-a331-8df9c944f1ab" } - [PSCustomObject]@{ Name = "Customer Complaints"; Id = "8137d8fc-fb7a-40db-9009-284f962fde96" } - [PSCustomObject]@{ Name = "Customer Files"; Id = "fdff9df2-03ba-4372-be97-82c0d2515118" } - [PSCustomObject]@{ Name = "Discrimination"; Id = "a65c4ab6-a155-11eb-921c-6c0b84aa8ea5" } - [PSCustomObject]@{ Name = "Employee disciplinary action files"; Id = "769d56c1-e737-4fc1-8673-8c99bbe24a07" } - [PSCustomObject]@{ Name = "Employee Insurance files"; Id = "fa982a9f-9454-4885-a2bf-94a155df2f33" } - [PSCustomObject]@{ Name = "Employee Pension Records"; Id = "f9ae0bbc-a1e0-4b7e-a96a-eb60b26b4434" } - [PSCustomObject]@{ Name = "Employee Stocks and Financial Bond Records"; Id = "a67b2b59-c5f0-4c66-a6c4-ca6973adfd94" } - [PSCustomObject]@{ Name = "Employment Agreement"; Id = "2a2baab7-b82c-4166-bbe4-55f9d3fd1129" } - [PSCustomObject]@{ Name = "Enterprise Risk Management"; Id = "eed09aae-6f32-47c7-9c99-9d17bad48783" } - [PSCustomObject]@{ Name = "Environmental permits and clearances"; Id = "1b7d3e51-0ecf-41bd-9794-966c94a889ba" } - [PSCustomObject]@{ Name = "Facility Permits"; Id = "914c5379-9d05-47cb-98f0-f5a2be059b5a" } - [PSCustomObject]@{ Name = "factory Incident Investigation reports"; Id = "86186144-d507-4603-bac7-50b56ba05c70" } - [PSCustomObject]@{ Name = "Finance"; Id = "1771481d-a337-4dbf-8e64-af8da0cc3ee9" } - [PSCustomObject]@{ Name = "Finance policies and procedures"; Id = "6556c5eb-0819-4618-ba2e-59925925655e" } - [PSCustomObject]@{ Name = "Financial Audit Reports"; Id = "b04b2a4e-22f8-4024-8adc-e2caaad1c2e2" } - [PSCustomObject]@{ Name = "Financial statement"; Id = "c31bfef9-8045-4a35-88a3-74b8681615c2" } - [PSCustomObject]@{ Name = "Freight Documents"; Id = "785917ed-db01-43c7-8153-8a6fc393efa3" } - [PSCustomObject]@{ Name = "Garnishment"; Id = "65e827c3-f8e8-4bc8-b08c-c31e3132b832" } - [PSCustomObject]@{ Name = "Gifts \u0026 entertainment"; Id = "3b3d817a-9190-465b-af2d-9e856f894059" } - [PSCustomObject]@{ Name = "Health/Medical forms"; Id = "7cc60f30-9e96-4d51-b26f-3d7a9df56338" } - [PSCustomObject]@{ Name = "Healthcare"; Id = "dcbada08-65bf-4561-b140-25d8fee4d143" } - [PSCustomObject]@{ Name = "HR"; Id = "11631f87-7ffe-4052-b173-abda16b231f3" } - [PSCustomObject]@{ Name = "Invoice"; Id = "bf7df7c3-fce4-4ffd-ab90-26f6463f3a00" } - [PSCustomObject]@{ Name = "IP"; Id = "495fad07-d6e4-4da4-9c64-5b9b109a5f59" } - [PSCustomObject]@{ Name = "IT"; Id = "77a140be-c29f-4155-9dc4-c3e247e47560" } - [PSCustomObject]@{ Name = "IT Infra and Network Security Documents"; Id = "bc55de38-cb72-43e6-952f-8422f584f229" } - [PSCustomObject]@{ Name = "Lease Deeds"; Id = "841f54ad-3e31-4ddd-aea0-e7f0cd6b3d18" } - [PSCustomObject]@{ Name = "Legal Affairs"; Id = "ba38aa0f-8c86-4c73-87db-95147a0f4420" } - [PSCustomObject]@{ Name = "Legal Agreements"; Id = "bee9cefb-88bd-410f-ab3e-67cab21cef46" } - [PSCustomObject]@{ Name = "Letter of Credits"; Id = "fd85acd5-59dd-49b2-a4c3-df7075885a82" } - [PSCustomObject]@{ Name = "License agreement"; Id = "b399eb17-c9c4-4205-951b-43f38eb8dffe" } - [PSCustomObject]@{ Name = "Loan agreements and offer letters"; Id = "5771fa57-34a1-48b3-93df-778b304daa54" } - [PSCustomObject]@{ Name = "M&A Files"; Id = "eeffbf7c-fd04-40ef-a156-b37bf61832f7" } - [PSCustomObject]@{ Name = "Manufacturing batch records"; Id = "834b2353-509a-4605-b4f1-fc2172a0d97c" } - [PSCustomObject]@{ Name = "Marketing Collaterals"; Id = "fcaa6d2a-601c-4bdc-947e-af1178a646ac" } - [PSCustomObject]@{ Name = "Meeting notes"; Id = "e7ff9a9e-4689-4192-b927-e6c6bdf099fc" } - [PSCustomObject]@{ Name = "Money laundering"; Id = "adbbb20e-b175-46e7-8ba2-cf3f3179d0ed" } - [PSCustomObject]@{ Name = "MoU Files (Memorandum of understanding)"; Id = "cb37c277-4b88-49c6-81fb-2eeca8c52bb9" } - [PSCustomObject]@{ Name = "Network Design files"; Id = "12587d70-9596-4c21-b09f-f1abe9d6ca13" } - [PSCustomObject]@{ Name = "Non disclosure agreement"; Id = "8dfd10db-0c72-4be4-a4f2-f615fe7aeb1c" } - [PSCustomObject]@{ Name = "OSHA records"; Id = "b11b771e-7dd1-4434-873a-d648a16e969e" } - [PSCustomObject]@{ Name = "Paystub"; Id = "31c11384-2d64-4635-9335-018295c64268" } - [PSCustomObject]@{ Name = "Personal Financial Information"; Id = "6901c616-5857-432f-b3da-f5234fa1d342" } - [PSCustomObject]@{ Name = "Procurement"; Id = "8fa64a47-6e77-4b4c-91a5-0f67525cebf5" } - [PSCustomObject]@{ Name = "Profanity"; Id = "4b0aa61d-37dc-4596-a1f1-fc5a5b21d56b" } - [PSCustomObject]@{ Name = "Project documents"; Id = "e062df90-816c-47ca-8913-db647510d3b5" } - [PSCustomObject]@{ Name = "Quality assurance files"; Id = "97b1e0d3-7788-4dd4-bb18-48ea77796743" } - [PSCustomObject]@{ Name = "Quotation"; Id = "3882e681-c437-42d8-ac75-1f9b7481fe13" } - [PSCustomObject]@{ Name = "Regulatory Collusion"; Id = "911b7815-6883-4022-a882-9cbe9462f114" } - [PSCustomObject]@{ Name = "Resume"; Id = "14b2da41-0427-47e9-a11b-c924e1d05689" } - [PSCustomObject]@{ Name = "Safety Records"; Id = "938fb100-5b1f-4bbb-aba7-73d9c89d086f" } - [PSCustomObject]@{ Name = "Sales and revenue"; Id = "9d6b864d-28c6-4be3-a9d0-cd40434a847f" } - [PSCustomObject]@{ Name = "Software Product Development Files"; Id = "813aa6d8-0727-48d8-acb7-06e1819ee339" } - [PSCustomObject]@{ Name = "Source code"; Id = "8aef6743-61aa-44b9-9ae5-3bb3d77df535" } - [PSCustomObject]@{ Name = "Standard Operating Procedures and Manuals"; Id = "32f23ad4-2ca1-4495-8048-8dc567891644" } - [PSCustomObject]@{ Name = "Statement of Accounts"; Id = "fe3676a6-0f5d-4990-bb46-9b2b31d7746a" } - [PSCustomObject]@{ Name = "Statement of Work"; Id = "611c95f9-b1ef-4253-8b36-d8ae19d02fb0" } - [PSCustomObject]@{ Name = "Stock manipulation"; Id = "1140cd79-ad87-4043-a562-c768acacc6ba" } - [PSCustomObject]@{ Name = "Strategic planning documents"; Id = "9332b317-2ca4-413a-b983-92a1bd88c6f3" } - [PSCustomObject]@{ Name = "Targeted Harassment"; Id = "a02ddb8e-3c93-44ac-87c1-2f682b1cb78e" } - [PSCustomObject]@{ Name = "Tax"; Id = "9722b51a-f920-4a81-8390-b188a0692840" } - [PSCustomObject]@{ Name = "Threat"; Id = "ef2edb64-6982-4648-b0ad-c0d8a861501b" } - [PSCustomObject]@{ Name = "Unauthorized disclosure"; Id = "839aecf8-c67b-4270-8aaf-378127b23b7f" } - [PSCustomObject]@{ Name = "Wire transfer"; Id = "05fc5ed0-58ef-4306-b65c-11b0a43895c2" } - [PSCustomObject]@{ Name = "Work Schedules"; Id = "25bb9d2d-a5b5-45b1-882e-b2581a183873" } + [PSCustomObject]@{ Name = 'Actuary reports'; Id = 'b27df2ee-fd14-4ce9-b02f-4070a5d68132' } + [PSCustomObject]@{ Name = 'Agreements'; Id = '7f12e403-5335-4da8-a91e-6c2210b7a2b1' } + [PSCustomObject]@{ Name = 'Asset Management'; Id = '716fb550-90cd-493b-b29b-ceed41ee8a6f' } + [PSCustomObject]@{ Name = 'Bank statement'; Id = 'f426bd16-e42e-4397-824b-f17dedc5bb1c' } + [PSCustomObject]@{ Name = 'Budget'; Id = '6f207592-f71e-4b4f-8c07-ebc4bd4965b9' } + [PSCustomObject]@{ Name = 'Business Context'; Id = '08b772df-bf93-457f-be23-b5cbf02005fd' } + [PSCustomObject]@{ Name = 'Business plan'; Id = '693f8221-ae4e-4612-80f5-746efee167c3' } + [PSCustomObject]@{ Name = 'Completion Certificates'; Id = 'b2580781-286b-4ad2-ab47-84e84ff331e5' } + [PSCustomObject]@{ Name = 'Compliance policies'; Id = 'fdad8089-651b-4877-8b66-be105b2e57da' } + [PSCustomObject]@{ Name = 'Construction specifications'; Id = 'bfde18ef-b4b9-4f30-9965-ef8d00861a2c' } + [PSCustomObject]@{ Name = 'Control System and SCADA files'; Id = '59f1f471-687d-453b-a73e-0b0e9f350812' } + [PSCustomObject]@{ Name = 'Corporate Sabotage'; Id = 'd88960c3-6101-43d9-9250-8c43c71d638a' } + [PSCustomObject]@{ Name = 'Credit Report'; Id = '07ce7d30-690a-4a1c-a331-8df9c944f1ab' } + [PSCustomObject]@{ Name = 'Customer Complaints'; Id = '8137d8fc-fb7a-40db-9009-284f962fde96' } + [PSCustomObject]@{ Name = 'Customer Files'; Id = 'fdff9df2-03ba-4372-be97-82c0d2515118' } + [PSCustomObject]@{ Name = 'Discrimination'; Id = 'a65c4ab6-a155-11eb-921c-6c0b84aa8ea5' } + [PSCustomObject]@{ Name = 'Employee disciplinary action files'; Id = '769d56c1-e737-4fc1-8673-8c99bbe24a07' } + [PSCustomObject]@{ Name = 'Employee Insurance files'; Id = 'fa982a9f-9454-4885-a2bf-94a155df2f33' } + [PSCustomObject]@{ Name = 'Employee Pension Records'; Id = 'f9ae0bbc-a1e0-4b7e-a96a-eb60b26b4434' } + [PSCustomObject]@{ Name = 'Employee Stocks and Financial Bond Records'; Id = 'a67b2b59-c5f0-4c66-a6c4-ca6973adfd94' } + [PSCustomObject]@{ Name = 'Employment Agreement'; Id = '2a2baab7-b82c-4166-bbe4-55f9d3fd1129' } + [PSCustomObject]@{ Name = 'Enterprise Risk Management'; Id = 'eed09aae-6f32-47c7-9c99-9d17bad48783' } + [PSCustomObject]@{ Name = 'Environmental permits and clearances'; Id = '1b7d3e51-0ecf-41bd-9794-966c94a889ba' } + [PSCustomObject]@{ Name = 'Facility Permits'; Id = '914c5379-9d05-47cb-98f0-f5a2be059b5a' } + [PSCustomObject]@{ Name = 'factory Incident Investigation reports'; Id = '86186144-d507-4603-bac7-50b56ba05c70' } + [PSCustomObject]@{ Name = 'Finance'; Id = '1771481d-a337-4dbf-8e64-af8da0cc3ee9' } + [PSCustomObject]@{ Name = 'Finance policies and procedures'; Id = '6556c5eb-0819-4618-ba2e-59925925655e' } + [PSCustomObject]@{ Name = 'Financial Audit Reports'; Id = 'b04b2a4e-22f8-4024-8adc-e2caaad1c2e2' } + [PSCustomObject]@{ Name = 'Financial statement'; Id = 'c31bfef9-8045-4a35-88a3-74b8681615c2' } + [PSCustomObject]@{ Name = 'Freight Documents'; Id = '785917ed-db01-43c7-8153-8a6fc393efa3' } + [PSCustomObject]@{ Name = 'Garnishment'; Id = '65e827c3-f8e8-4bc8-b08c-c31e3132b832' } + [PSCustomObject]@{ Name = 'Gifts \u0026 entertainment'; Id = '3b3d817a-9190-465b-af2d-9e856f894059' } + [PSCustomObject]@{ Name = 'Health/Medical forms'; Id = '7cc60f30-9e96-4d51-b26f-3d7a9df56338' } + [PSCustomObject]@{ Name = 'Healthcare'; Id = 'dcbada08-65bf-4561-b140-25d8fee4d143' } + [PSCustomObject]@{ Name = 'HR'; Id = '11631f87-7ffe-4052-b173-abda16b231f3' } + [PSCustomObject]@{ Name = 'Invoice'; Id = 'bf7df7c3-fce4-4ffd-ab90-26f6463f3a00' } + [PSCustomObject]@{ Name = 'IP'; Id = '495fad07-d6e4-4da4-9c64-5b9b109a5f59' } + [PSCustomObject]@{ Name = 'IT'; Id = '77a140be-c29f-4155-9dc4-c3e247e47560' } + [PSCustomObject]@{ Name = 'IT Infra and Network Security Documents'; Id = 'bc55de38-cb72-43e6-952f-8422f584f229' } + [PSCustomObject]@{ Name = 'Lease Deeds'; Id = '841f54ad-3e31-4ddd-aea0-e7f0cd6b3d18' } + [PSCustomObject]@{ Name = 'Legal Affairs'; Id = 'ba38aa0f-8c86-4c73-87db-95147a0f4420' } + [PSCustomObject]@{ Name = 'Legal Agreements'; Id = 'bee9cefb-88bd-410f-ab3e-67cab21cef46' } + [PSCustomObject]@{ Name = 'Letter of Credits'; Id = 'fd85acd5-59dd-49b2-a4c3-df7075885a82' } + [PSCustomObject]@{ Name = 'License agreement'; Id = 'b399eb17-c9c4-4205-951b-43f38eb8dffe' } + [PSCustomObject]@{ Name = 'Loan agreements and offer letters'; Id = '5771fa57-34a1-48b3-93df-778b304daa54' } + [PSCustomObject]@{ Name = 'M&A Files'; Id = 'eeffbf7c-fd04-40ef-a156-b37bf61832f7' } + [PSCustomObject]@{ Name = 'Manufacturing batch records'; Id = '834b2353-509a-4605-b4f1-fc2172a0d97c' } + [PSCustomObject]@{ Name = 'Marketing Collaterals'; Id = 'fcaa6d2a-601c-4bdc-947e-af1178a646ac' } + [PSCustomObject]@{ Name = 'Meeting notes'; Id = 'e7ff9a9e-4689-4192-b927-e6c6bdf099fc' } + [PSCustomObject]@{ Name = 'Money laundering'; Id = 'adbbb20e-b175-46e7-8ba2-cf3f3179d0ed' } + [PSCustomObject]@{ Name = 'MoU Files (Memorandum of understanding)'; Id = 'cb37c277-4b88-49c6-81fb-2eeca8c52bb9' } + [PSCustomObject]@{ Name = 'Network Design files'; Id = '12587d70-9596-4c21-b09f-f1abe9d6ca13' } + [PSCustomObject]@{ Name = 'Non disclosure agreement'; Id = '8dfd10db-0c72-4be4-a4f2-f615fe7aeb1c' } + [PSCustomObject]@{ Name = 'OSHA records'; Id = 'b11b771e-7dd1-4434-873a-d648a16e969e' } + [PSCustomObject]@{ Name = 'Paystub'; Id = '31c11384-2d64-4635-9335-018295c64268' } + [PSCustomObject]@{ Name = 'Personal Financial Information'; Id = '6901c616-5857-432f-b3da-f5234fa1d342' } + [PSCustomObject]@{ Name = 'Procurement'; Id = '8fa64a47-6e77-4b4c-91a5-0f67525cebf5' } + [PSCustomObject]@{ Name = 'Profanity'; Id = '4b0aa61d-37dc-4596-a1f1-fc5a5b21d56b' } + [PSCustomObject]@{ Name = 'Project documents'; Id = 'e062df90-816c-47ca-8913-db647510d3b5' } + [PSCustomObject]@{ Name = 'Quality assurance files'; Id = '97b1e0d3-7788-4dd4-bb18-48ea77796743' } + [PSCustomObject]@{ Name = 'Quotation'; Id = '3882e681-c437-42d8-ac75-1f9b7481fe13' } + [PSCustomObject]@{ Name = 'Regulatory Collusion'; Id = '911b7815-6883-4022-a882-9cbe9462f114' } + [PSCustomObject]@{ Name = 'Resume'; Id = '14b2da41-0427-47e9-a11b-c924e1d05689' } + [PSCustomObject]@{ Name = 'Safety Records'; Id = '938fb100-5b1f-4bbb-aba7-73d9c89d086f' } + [PSCustomObject]@{ Name = 'Sales and revenue'; Id = '9d6b864d-28c6-4be3-a9d0-cd40434a847f' } + [PSCustomObject]@{ Name = 'Software Product Development Files'; Id = '813aa6d8-0727-48d8-acb7-06e1819ee339' } + [PSCustomObject]@{ Name = 'Source code'; Id = '8aef6743-61aa-44b9-9ae5-3bb3d77df535' } + [PSCustomObject]@{ Name = 'Standard Operating Procedures and Manuals'; Id = '32f23ad4-2ca1-4495-8048-8dc567891644' } + [PSCustomObject]@{ Name = 'Statement of Accounts'; Id = 'fe3676a6-0f5d-4990-bb46-9b2b31d7746a' } + [PSCustomObject]@{ Name = 'Statement of Work'; Id = '611c95f9-b1ef-4253-8b36-d8ae19d02fb0' } + [PSCustomObject]@{ Name = 'Stock manipulation'; Id = '1140cd79-ad87-4043-a562-c768acacc6ba' } + [PSCustomObject]@{ Name = 'Strategic planning documents'; Id = '9332b317-2ca4-413a-b983-92a1bd88c6f3' } + [PSCustomObject]@{ Name = 'Targeted Harassment'; Id = 'a02ddb8e-3c93-44ac-87c1-2f682b1cb78e' } + [PSCustomObject]@{ Name = 'Tax'; Id = '9722b51a-f920-4a81-8390-b188a0692840' } + [PSCustomObject]@{ Name = 'Threat'; Id = 'ef2edb64-6982-4648-b0ad-c0d8a861501b' } + [PSCustomObject]@{ Name = 'Unauthorized disclosure'; Id = '839aecf8-c67b-4270-8aaf-378127b23b7f' } + [PSCustomObject]@{ Name = 'Wire transfer'; Id = '05fc5ed0-58ef-4306-b65c-11b0a43895c2' } + [PSCustomObject]@{ Name = 'Work Schedules'; Id = '25bb9d2d-a5b5-45b1-882e-b2581a183873' } ) function Get-TargetResource @@ -539,7 +539,7 @@ function Get-TargetResource $currConditions = $label.Conditions | ConvertFrom-Json $getConditions = @{ - Groups = @() + Groups = @() Operator = '' } @@ -551,7 +551,7 @@ function Get-TargetResource $groups = foreach ($group in $currConditions.$($operator)) { $grpObject = @{ - Name = '' + Name = '' Operator = '' } @@ -559,7 +559,7 @@ function Get-TargetResource $grpObject.Operator = $grpOperator $grpName = '' - [array]$sensitiveInformationTypes = foreach ($item in $group.$grpOperator | Where-Object { $_.Key -eq 'CCSI'}) + [array]$sensitiveInformationTypes = foreach ($item in $group.$grpOperator | Where-Object { $_.Key -eq 'CCSI' }) { if ([String]::IsNullOrEmpty($grpName)) { @@ -577,10 +577,10 @@ function Get-TargetResource } $settingsObject = @{ - name = ($item.Settings | Where-Object { $_.Key -eq 'name' }).Value + name = ($item.Settings | Where-Object { $_.Key -eq 'name' }).Value confidencelevel = ($item.Settings | Where-Object { $_.Key -eq 'confidencelevel' }).Value - mincount = ($item.Settings | Where-Object { $_.Key -eq 'mincount' }).Value - maxcount = ($item.Settings | Where-Object { $_.Key -eq 'maxcount' }).Value + mincount = ($item.Settings | Where-Object { $_.Key -eq 'mincount' }).Value + maxcount = ($item.Settings | Where-Object { $_.Key -eq 'maxcount' }).Value } if ($null -ne ($item.Settings | Where-Object { $_.Key -eq 'classifiertype' })) @@ -592,7 +592,7 @@ function Get-TargetResource $settingsObject } - [array]$trainableClassifiers = foreach ($item in $group.$grpOperator | Where-Object { $_.Key -eq 'ContentMatchesModule'}) + [array]$trainableClassifiers = foreach ($item in $group.$grpOperator | Where-Object { $_.Key -eq 'ContentMatchesModule' }) { if ([String]::IsNullOrEmpty($grpName)) { @@ -601,7 +601,7 @@ function Get-TargetResource @{ name = ($item.Settings | Where-Object { $_.Key -eq 'name' }).Value - id = $item.Value + id = $item.Value } } @@ -959,7 +959,7 @@ function Set-TargetResource Write-Verbose 'Generating required JSON string for AutoLabelingSettings' Write-Verbose 'Retrieving all existing Sensitive Information Types' - $existingSITs = Get-DlpSensitiveInformationType | Select-Object -Property Name,Id, RulePackId + $existingSITs = Get-DlpSensitiveInformationType | Select-Object -Property Name, Id, RulePackId # Convert the AutoLabelingSettings to the correct JSON format, ready to be inserted into the label cmdlets $autoLabelingSettingsHT = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $AutoLabelingSettings @@ -980,40 +980,40 @@ function Set-TargetResource [array]$settingsCollection = foreach ($setting in ($sit.Keys | Where-Object { $_ -ne 'id' })) { @{ - Key = $setting + Key = $setting Value = $sit[$setting] } } $settingsCollection += @{ - Key = "rulepackage" - Value = $currentSIT.RulePackId + Key = 'rulepackage' + Value = $currentSIT.RulePackId } $settingsCollection += @{ - Key = "groupname" - Value = $group.Name + Key = 'groupname' + Value = $group.Name } - if ($autoLabelingSettingsHT.ContainsKey("PolicyTip")) + if ($autoLabelingSettingsHT.ContainsKey('PolicyTip')) { $settingsCollection += @{ - Key = "policytip" - Value = $autoLabelingSettingsHT.PolicyTip + Key = 'policytip' + Value = $autoLabelingSettingsHT.PolicyTip } } - if ($autoLabelingSettingsHT.ContainsKey("AutoApplyType") -and $autoLabelingSettingsHT.AutoApplyType -eq 'Recommend') + if ($autoLabelingSettingsHT.ContainsKey('AutoApplyType') -and $autoLabelingSettingsHT.AutoApplyType -eq 'Recommend') { $settingsCollection += @{ - Key = "autoapplytype" - Value = $autoLabelingSettingsHT.AutoApplyType + Key = 'autoapplytype' + Value = $autoLabelingSettingsHT.AutoApplyType } } $groupCollection += @{ - Key = 'CCSI' - Value = $currentSIT.Id + Key = 'CCSI' + Value = $currentSIT.Id Properties = $null - Settings = $settingsCollection + Settings = $settingsCollection } } @@ -1024,10 +1024,10 @@ function Set-TargetResource if ($null -ne $currentTrainableClassifier) { if ([String]::IsNullOrEmpty($trainableClassifier.id) -eq $false -and ` - $trainableClassifier.id -ne $currentTrainableClassifier.Id) + $trainableClassifier.id -ne $currentTrainableClassifier.Id) { Write-Verbose ("[WARNING] Provided ID ($($trainableClassifier.id)) does not match the known " + ` - "ID ($($currentTrainableClassifier.id)) for trainable classifier '$($trainableClassifier.name)'.") + "ID ($($currentTrainableClassifier.id)) for trainable classifier '$($trainableClassifier.name)'.") } $requiredId = $currentTrainableClassifier.Id } @@ -1043,36 +1043,36 @@ function Set-TargetResource [array]$settingsCollection = foreach ($key in ($trainableClassifier.Keys | Where-Object { $_ -ne 'id' })) { @{ - Key = $key + Key = $key Value = $trainableClassifier[$key] } } $settingsCollection += @{ - Key = "groupname" - Value = $group.Name + Key = 'groupname' + Value = $group.Name } - if ($autoLabelingSettingsHT.ContainsKey("PolicyTip")) + if ($autoLabelingSettingsHT.ContainsKey('PolicyTip')) { $settingsCollection += @{ - Key = "policytip" - Value = $autoLabelingSettingsHT.PolicyTip + Key = 'policytip' + Value = $autoLabelingSettingsHT.PolicyTip } } - if ($autoLabelingSettingsHT.ContainsKey("AutoApplyType") -and $autoLabelingSettingsHT.AutoApplyType -eq 'Recommend') + if ($autoLabelingSettingsHT.ContainsKey('AutoApplyType') -and $autoLabelingSettingsHT.AutoApplyType -eq 'Recommend') { $settingsCollection += @{ - Key = "autoapplytype" - Value = $autoLabelingSettingsHT.AutoApplyType + Key = 'autoapplytype' + Value = $autoLabelingSettingsHT.AutoApplyType } } $groupCollection += @{ - Key = 'ContentMatchesModule' - Value = $requiredId + Key = 'ContentMatchesModule' + Value = $requiredId Properties = $null - Settings = $settingsCollection + Settings = $settingsCollection } } @@ -2162,7 +2162,7 @@ function ConvertTo-AutoLabelingSettingsString $AutoLabelingSettings ) - $StringContent = "" + $StringContent = '' foreach ($autoLabelingSetting in $AutoLabelingSettings) { $StringContent += " MSFT_SCSLAutoLabelingSettings`r`n" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/MSFT_SCUnifiedAuditLogRetentionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/MSFT_SCUnifiedAuditLogRetentionPolicy.psm1 index f7b15aa1e3..bbd70a101c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/MSFT_SCUnifiedAuditLogRetentionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/MSFT_SCUnifiedAuditLogRetentionPolicy.psm1 @@ -21,7 +21,7 @@ function Get-TargetResource $RecordTypes, [Parameter()] - [ValidateSet("SevenDays", "OneMonth", "ThreeMonths", "SixMonths", "NineMonths", "TwelveMonths", "ThreeYears", "FiveYears", "SevenYears", "TenYears")] + [ValidateSet('SevenDays', 'OneMonth', 'ThreeMonths', 'SixMonths', 'NineMonths', 'TwelveMonths', 'ThreeYears', 'FiveYears', 'SevenYears', 'TenYears')] [System.String] $RetentionDuration, @@ -147,7 +147,7 @@ function Set-TargetResource $RecordTypes, [Parameter(Mandatory = $true)] - [ValidateSet("SevenDays", "OneMonth", "ThreeMonths", "SixMonths", "NineMonths", "TwelveMonths", "ThreeYears", "FiveYears", "SevenYears", "TenYears")] + [ValidateSet('SevenDays', 'OneMonth', 'ThreeMonths', 'SixMonths', 'NineMonths', 'TwelveMonths', 'ThreeYears', 'FiveYears', 'SevenYears', 'TenYears')] [System.String] $RetentionDuration, @@ -233,7 +233,7 @@ function Set-TargetResource $UpdateParameters = ([Hashtable]$BoundParameters).Clone() $UpdateParameters.Remove('Verbose') | Out-Null $UpdateParameters.Remove('Name') | Out-Null - $UpdateParameters.Add('Identity', $currentInstance.Identity) | Out-Null + $UpdateParameters.Add('Identity', $currentInstance.Identity) | Out-Null $keys = $UpdateParameters.Keys foreach ($key in $keys) @@ -282,7 +282,7 @@ function Test-TargetResource $RecordTypes, [Parameter(Mandatory = $true)] - [ValidateSet("SevenDays", "OneMonth", "ThreeMonths", "SixMonths", "NineMonths", "TwelveMonths", "ThreeYears", "FiveYears", "SevenYears", "TenYears")] + [ValidateSet('SevenDays', 'OneMonth', 'ThreeMonths', 'SixMonths', 'NineMonths', 'TwelveMonths', 'ThreeYears', 'FiveYears', 'SevenYears', 'TenYears')] [System.String] $RetentionDuration, @@ -394,7 +394,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -437,19 +437,19 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Name = $config.Name - Priority = $config.Priority - RetentionDuration = $config.RetentionDuration - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Name = $config.Name + Priority = $config.Priority + RetentionDuration = $config.RetentionDuration + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint - ApplicationSecret = $ApplicationSecret + ApplicationSecret = $ApplicationSecret } $Results = Get-TargetResource @Params - $Results.Remove("Identity") | Out-Null + $Results.Remove('Identity') | Out-Null $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/settings.json index b975389e7d..3626ebcbf5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCUnifiedAuditLogRetentionPolicy/settings.json @@ -1,5 +1,5 @@ { "resourceName": "SCUnifiedAuditLogRetentionPolicy", "description": "The resource configured the Unified Audit Log Retention Policy in the Security and Compliance.", - "permissions":[] + "permissions": [] } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 index 687543a436..3d02a61f7c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 @@ -451,7 +451,7 @@ function Test-TargetResource 'ExternalServicesEnabled', ` 'EmailAttestationRequired', ` 'EmailAttestationReAuthDays', - 'ConditionalAccessPolicy', ` + 'ConditionalAccessPolicy', ` 'EnableRestrictedAccessControl') Write-Verbose -Message "Test-TargetResource returned $TestResult" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/MSFT_SPORetentionLabelsSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/MSFT_SPORetentionLabelsSettings.psm1 new file mode 100644 index 0000000000..30ce946dac --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/MSFT_SPORetentionLabelsSettings.psm1 @@ -0,0 +1,420 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $AllowFilesWithKeepLabelToBeDeletedODB, + + [Parameter()] + [System.Boolean] + $AllowFilesWithKeepLabelToBeDeletedSPO, + + [Parameter()] + [System.Boolean] + $AdvancedRecordVersioningDisabled, + + [Parameter()] + [System.Boolean] + $MetadataEditBlockingEnabled, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + New-M365DSCConnection -Workload 'PnP' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $AllowFilesWithKeepLabelToBeDeletedODBValue = Invoke-M365DSCSPORetentionLabelsSetting -CommandName 'GetAllowFilesWithKeepLabelToBeDeletedODB' + $AllowFilesWithKeepLabelToBeDeletedSPOValue = Invoke-M365DSCSPORetentionLabelsSetting -CommandName 'GetAllowFilesWithKeepLabelToBeDeletedSPO' + $AdvancedRecordVersioningDisabledValue = Invoke-M365DSCSPORetentionLabelsSetting -CommandName 'GetAdvancedRecordVersioningDisabled' + $MetadataEditBlockingEnabledValue = Invoke-M365DSCSPORetentionLabelsSetting -CommandName 'GetMetadataEditBlockingEnabled' + try + { + + $results = @{ + IsSingleInstance = 'Yes' + AllowFilesWithKeepLabelToBeDeletedODB = $AllowFilesWithKeepLabelToBeDeletedODBValue + AllowFilesWithKeepLabelToBeDeletedSPO = $AllowFilesWithKeepLabelToBeDeletedSPOValue + AdvancedRecordVersioningDisabled = $AdvancedRecordVersioningDisabledValue + MetadataEditBlockingEnabled = $MetadataEditBlockingEnabledValue + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $AllowFilesWithKeepLabelToBeDeletedODB, + + [Parameter()] + [System.Boolean] + $AllowFilesWithKeepLabelToBeDeletedSPO, + + [Parameter()] + [System.Boolean] + $AdvancedRecordVersioningDisabled, + + [Parameter()] + [System.Boolean] + $MetadataEditBlockingEnabled, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + if ($AllowFilesWithKeepLabelToBeDeletedODB -ne $currentInstance.AllowFilesWithKeepLabelToBeDeletedODB) + { + Write-verbose -Message "Updating AllowFilesWithKeepLabelToBeDeletedODB with value {$AllowFilesWithKeepLabelToBeDeletedODB}" + Invoke-M365DSCSPORetentionLabelsSetting -CommandName "SetAllowFilesWithKeepLabelToBeDeletedODB" ` + -Method 'POST' ` + -Body @{allowDeletion = $AllowFilesWithKeepLabelToBeDeletedODB} + } + if ($AllowFilesWithKeepLabelToBeDeletedSPO -ne $currentInstance.AllowFilesWithKeepLabelToBeDeletedSPO) + { + Write-verbose -Message "Updating AllowFilesWithKeepLabelToBeDeletedSPO with value {$AllowFilesWithKeepLabelToBeDeletedSPO}" + Invoke-M365DSCSPORetentionLabelsSetting -CommandName "SetAllowFilesWithKeepLabelToBeDeletedSPO" ` + -Method 'POST' ` + -Body @{allowDeletion = $AllowFilesWithKeepLabelToBeDeletedSPO} + } + if ($AdvancedRecordVersioningDisabled -ne $currentInstance.AdvancedRecordVersioningDisabled) + { + Write-verbose -Message "Updating AdvancedRecordVersioningDisabled with value {$AdvancedRecordVersioningDisabled}" + Invoke-M365DSCSPORetentionLabelsSetting -CommandName "SetAdvancedRecordVersioningDisabled" ` + -Method 'POST' ` + -Body @{disabled = $AdvancedRecordVersioningDisabled} + } + if ($MetadataEditBlockingEnabled -ne $currentInstance.MetadataEditBlockingEnabled) + { + Write-verbose -Message "Updating MetadataEditBlockingEnabled with value {$MetadataEditBlockingEnabled}" + Invoke-M365DSCSPORetentionLabelsSetting -CommandName "SetMetadataEditBlockingEnabled" ` + -Method 'POST' ` + -Body @{enabled = $MetadataEditBlockingEnabled} + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [System.String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $AllowFilesWithKeepLabelToBeDeletedODB, + + [Parameter()] + [System.Boolean] + $AllowFilesWithKeepLabelToBeDeletedSPO, + + [Parameter()] + [System.Boolean] + $AdvancedRecordVersioningDisabled, + + [Parameter()] + [System.Boolean] + $MetadataEditBlockingEnabled, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'PnP' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + + $dscContent = '' + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $params = @{ + IsSingleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Invoke-M365DSCSPORetentionLabelsSetting +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter(Mandatory = $true)] + [System.String] + $CommandName, + + [Parameter()] + [System.String] + $Method = "GET", + + [Parameter()] + [System.Collections.Hashtable] + $Body + ) + + try + { + $url = $($MSCloudLoginConnectionProfile.SharePointOnlineREST.AdminUrl) + ` + "/_api/SP.CompliancePolicy.SPPolicyStoreProxy.$($CommandName)/" + + $invokeParams = @{ + Url = $url + Method = $Method + Content = $Body + } + + $result = Invoke-PnPSPRestMethod @invokeParams + + if ($Method -eq 'GET') + { + return $result.Value + } + } + catch + { + throw $_ + } + + return $true +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/MSFT_SPORetentionLabelsSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/MSFT_SPORetentionLabelsSettings.schema.mof new file mode 100644 index 0000000000..76c83ccd4d --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/MSFT_SPORetentionLabelsSettings.schema.mof @@ -0,0 +1,16 @@ +[ClassVersion("1.0.0.0"), FriendlyName("SPORetentionLabelsSettings")] +class MSFT_SPORetentionLabelsSettings : OMI_BaseResource +{ + [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"),ValueMap{"Yes"},Values{"Yes"}] String IsSingleInstance; + [Write, Description("Set whether files with Keep Label can be deleted in OneDrive for Business.")] Boolean AllowFilesWithKeepLabelToBeDeletedODB; + [Write, Description("Set whether files with Keep Label can be deleted in SharePoint Online.")] Boolean AllowFilesWithKeepLabelToBeDeletedSPO; + [Write, Description("Set to enable or disable the advanced record versioning.")] Boolean AdvancedRecordVersioningDisabled; + [Write, Description("Set metadata edit blocking enabled setting.")] Boolean MetadataEditBlockingEnabled; + + [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/readme.md new file mode 100644 index 0000000000..c13be088a9 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/readme.md @@ -0,0 +1,6 @@ + +# SPORetentionLabelsSettings + +## Description + +Configures the retention label settings. This setting is accessible via the Purview Record Management settings screen. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/settings.json new file mode 100644 index 0000000000..6eb263431c --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPORetentionLabelsSettings/settings.json @@ -0,0 +1,34 @@ +{ + "resourceName": "SPORetentionLabelsSettings", + "description": "Configures the retention label settings. This setting is accessible via the Purview Record Management settings screen.", + "roles": { + "read": [], + "update": [] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "sharepoint": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [ + "Sites.FullControl.All" + ], + "update": [ + "Sites.FullControl.All" + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 index 2d206db2ee..d5ff15a26c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 @@ -173,7 +173,7 @@ function Get-TargetResource try { $SPOSharingSettings = Get-PnPTenant -ErrorAction Stop - $MySite = Get-PnPTenantSite -Filter "Url -like '-my.sharepoint.'" | Where-Object -FilterScript { $_.Template -notmatch "^RedirectSite#" } + $MySite = Get-PnPTenantSite -Filter "Url -like '-my.sharepoint.'" | Where-Object -FilterScript { $_.Template -notmatch '^RedirectSite#' } if ($null -ne $MySite) { @@ -199,41 +199,41 @@ function Get-TargetResource $DefaultLinkPermission = $SPOSharingSettings.DefaultLinkPermission } $results = @{ - IsSingleInstance = 'Yes' - SharingCapability = $SPOSharingSettings.SharingCapability - ShowEveryoneClaim = $SPOSharingSettings.ShowEveryoneClaim - ShowAllUsersClaim = $SPOSharingSettings.ShowAllUsersClaim - ShowEveryoneExceptExternalUsersClaim = $SPOSharingSettings.ShowEveryoneExceptExternalUsersClaim - ProvisionSharedWithEveryoneFolder = $SPOSharingSettings.ProvisionSharedWithEveryoneFolder - EnableGuestSignInAcceleration = $SPOSharingSettings.EnableGuestSignInAcceleration - BccExternalSharingInvitations = $SPOSharingSettings.BccExternalSharingInvitations - BccExternalSharingInvitationsList = $SPOSharingSettings.BccExternalSharingInvitationsList - RequireAnonymousLinksExpireInDays = $SPOSharingSettings.RequireAnonymousLinksExpireInDays - ExternalUserExpireInDays = $SPOSharingSettings.ExternalUserExpireInDays - ExternalUserExpirationRequired = $SPOSharingSettings.ExternalUserExpirationRequired - SharingAllowedDomainList = $allowDomains - SharingBlockedDomainList = $blockDomains - SharingDomainRestrictionMode = $SPOSharingSettings.SharingDomainRestrictionMode - DefaultSharingLinkType = $SPOSharingSettings.DefaultSharingLinkType - PreventExternalUsersFromResharing = $SPOSharingSettings.PreventExternalUsersFromResharing - ShowPeoplePickerSuggestionsForGuestUsers = $SPOSharingSettings.ShowPeoplePickerSuggestionsForGuestUsers - FileAnonymousLinkType = $SPOSharingSettings.FileAnonymousLinkType - FolderAnonymousLinkType = $SPOSharingSettings.FolderAnonymousLinkType - NotifyOwnersWhenItemsReshared = $SPOSharingSettings.NotifyOwnersWhenItemsReshared - DefaultLinkPermission = $DefaultLinkPermission + IsSingleInstance = 'Yes' + SharingCapability = $SPOSharingSettings.SharingCapability + ShowEveryoneClaim = $SPOSharingSettings.ShowEveryoneClaim + ShowAllUsersClaim = $SPOSharingSettings.ShowAllUsersClaim + ShowEveryoneExceptExternalUsersClaim = $SPOSharingSettings.ShowEveryoneExceptExternalUsersClaim + ProvisionSharedWithEveryoneFolder = $SPOSharingSettings.ProvisionSharedWithEveryoneFolder + EnableGuestSignInAcceleration = $SPOSharingSettings.EnableGuestSignInAcceleration + BccExternalSharingInvitations = $SPOSharingSettings.BccExternalSharingInvitations + BccExternalSharingInvitationsList = $SPOSharingSettings.BccExternalSharingInvitationsList + RequireAnonymousLinksExpireInDays = $SPOSharingSettings.RequireAnonymousLinksExpireInDays + ExternalUserExpireInDays = $SPOSharingSettings.ExternalUserExpireInDays + ExternalUserExpirationRequired = $SPOSharingSettings.ExternalUserExpirationRequired + SharingAllowedDomainList = $allowDomains + SharingBlockedDomainList = $blockDomains + SharingDomainRestrictionMode = $SPOSharingSettings.SharingDomainRestrictionMode + DefaultSharingLinkType = $SPOSharingSettings.DefaultSharingLinkType + PreventExternalUsersFromResharing = $SPOSharingSettings.PreventExternalUsersFromResharing + ShowPeoplePickerSuggestionsForGuestUsers = $SPOSharingSettings.ShowPeoplePickerSuggestionsForGuestUsers + FileAnonymousLinkType = $SPOSharingSettings.FileAnonymousLinkType + FolderAnonymousLinkType = $SPOSharingSettings.FolderAnonymousLinkType + NotifyOwnersWhenItemsReshared = $SPOSharingSettings.NotifyOwnersWhenItemsReshared + DefaultLinkPermission = $DefaultLinkPermission #DEPRECATED #RequireAcceptingAccountMatchInvitedAccount = $SPOSharingSettings.RequireAcceptingAccountMatchInvitedAccount - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificatePassword = $CertificatePassword - CertificatePath = $CertificatePath - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - Ensure = 'Present' - AccessTokens = $AccessTokens + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificatePassword = $CertificatePassword + CertificatePath = $CertificatePath + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + Ensure = 'Present' + AccessTokens = $AccessTokens } if (-not [System.String]::IsNullOrEmpty($MySiteSharingCapability)) @@ -526,7 +526,7 @@ function Set-TargetResource Set-PnPTenant @CurrentParameters | Out-Null if ($SetMySharingCapability) { - $mysite = Get-PnPTenantSite -Filter "Url -like '-my.sharepoint.'" | Where-Object -FilterScript { $_.Template -notmatch "^RedirectSite#" } + $mysite = Get-PnPTenantSite -Filter "Url -like '-my.sharepoint.'" | Where-Object -FilterScript { $_.Template -notmatch '^RedirectSite#' } Set-PnPTenantSite -Identity $mysite.Url -SharingCapability $MySiteSharingCapability } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 index b52a11dd1a..ae9cc174be 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 @@ -206,13 +206,13 @@ function Get-TargetResource # Additional Properties via REST $parametersToRetrieve = @('ExemptNativeUsersFromTenantLevelRestricedAccessControl', - 'AllowSelectSGsInODBListInTenant', - 'DenySelectSGsInODBListInTenant', - 'DenySelectSecurityGroupsInSPSitesList', - 'AllowSelectSecurityGroupsInSPSitesList') + 'AllowSelectSGsInODBListInTenant', + 'DenySelectSGsInODBListInTenant', + 'DenySelectSecurityGroupsInSPSitesList', + 'AllowSelectSecurityGroupsInSPSitesList') $response = Invoke-PnPSPRestMethod -Method Get ` - -Url "$($Global:MSCloudLoginConnectionProfile.PnP.AdminUrl)/_api/SPO.Tenant?`$select=$($parametersToRetrieve -join ',')" + -Url "$($Global:MSCloudLoginConnectionProfile.PnP.AdminUrl)/_api/SPO.Tenant?`$select=$($parametersToRetrieve -join ',')" return @{ @@ -505,46 +505,46 @@ function Set-TargetResource if ($null -ne $ExemptNativeUsersFromTenantLevelRestricedAccessControl) { $needToUpdate = $true - $paramsToUpdate.Add("ExemptNativeUsersFromTenantLevelRestricedAccessControl", $ExemptNativeUsersFromTenantLevelRestricedAccessControl) + $paramsToUpdate.Add('ExemptNativeUsersFromTenantLevelRestricedAccessControl', $ExemptNativeUsersFromTenantLevelRestricedAccessControl) } if ($null -ne $AllowSelectSGsInODBListInTenant) { $needToUpdate = $true - $paramsToUpdate.Add("AllowSelectSGsInODBListInTenant", $AllowSelectSGsInODBListInTenant) + $paramsToUpdate.Add('AllowSelectSGsInODBListInTenant', $AllowSelectSGsInODBListInTenant) } if ($null -ne $DenySelectSGsInODBListInTenant) { $needToUpdate = $true - $paramsToUpdate.Add("DenySelectSGsInODBListInTenant", $DenySelectSGsInODBListInTenant) + $paramsToUpdate.Add('DenySelectSGsInODBListInTenant', $DenySelectSGsInODBListInTenant) } if ($null -ne $DenySelectSecurityGroupsInSPSitesList) { $needToUpdate = $true - $paramsToUpdate.Add("DenySelectSecurityGroupsInSPSitesList", $DenySelectSecurityGroupsInSPSitesList) + $paramsToUpdate.Add('DenySelectSecurityGroupsInSPSitesList', $DenySelectSecurityGroupsInSPSitesList) } if ($null -ne $AllowSelectSecurityGroupsInSPSitesList) { $needToUpdate = $true - $paramsToUpdate.Add("AllowSelectSecurityGroupsInSPSitesList", $AllowSelectSecurityGroupsInSPSitesList) + $paramsToUpdate.Add('AllowSelectSecurityGroupsInSPSitesList', $AllowSelectSecurityGroupsInSPSitesList) } if ($needToUpdate) { - Write-Verbose -Message "Updating properties via REST PATCH call." + Write-Verbose -Message 'Updating properties via REST PATCH call.' Invoke-PnPSPRestMethod -Method PATCH ` - -Url "$($Global:MSCloudLoginConnectionProfile.PnP.AdminUrl)/_api/SPO.Tenant" ` - -Content $paramsToUpdate + -Url "$($Global:MSCloudLoginConnectionProfile.PnP.AdminUrl)/_api/SPO.Tenant" ` + -Content $paramsToUpdate } } catch { - if ($_.Exception.Message.Contains("The requested operation is part of an experimental feature that is not supported in the current environment.")) + if ($_.Exception.Message.Contains('The requested operation is part of an experimental feature that is not supported in the current environment.')) { - Write-Verbose -Message "Updating via REST: The associated feature is not available in the given tenant." + Write-Verbose -Message 'Updating via REST: The associated feature is not available in the given tenant.' } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelAlertRule/MSFT_SentinelAlertRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelAlertRule/MSFT_SentinelAlertRule.psm1 index 77911ab204..e4dd52b9d4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelAlertRule/MSFT_SentinelAlertRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelAlertRule/MSFT_SentinelAlertRule.psm1 @@ -177,18 +177,18 @@ function Get-TargetResource if (-not [System.String]::IsNullOrEmpty($Id)) { $instance = Get-M365DSCSentinelAlertRule -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -TenantId $TenantId ` - -Id $Id + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -TenantId $TenantId ` + -Id $Id } if ($null -eq $instance) { $instances = Get-M365DSCSentinelAlertRule -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -TenantId $TenantId - $instance = $instances | Where-Object -FilterScript {$_.properties.displayName -eq $DisplayName} + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -TenantId $TenantId + $instance = $instances | Where-Object -FilterScript { $_.properties.displayName -eq $DisplayName } } if ($null -eq $instance) { @@ -209,7 +209,7 @@ function Get-TargetResource if ($null -ne $instance.properties.customDetails) { $detailAsHash = @{} - $instance.properties.customDetails.psobject.properties | foreach { $detailAsHash[$_.Name] = $_.Value } + $instance.properties.customDetails.psobject.properties | ForEach-Object { $detailAsHash[$_.Name] = $_.Value } foreach ($key in $detailAsHash.Keys) { $CustomDetailsValue += @{ @@ -226,7 +226,7 @@ function Get-TargetResource foreach ($mapping in $instance.properties.entityMappings) { $entity = @{ - entityType = $mapping.entityType + entityType = $mapping.entityType fieldMappings = @() } @@ -266,7 +266,7 @@ function Get-TargetResource { $info = $instance.properties.incidentConfiguration $IncidentConfigurationValue = @{ - createIncident = [Boolean]::Parse($info.createIncident.ToString()) + createIncident = [Boolean]::Parse($info.createIncident.ToString()) groupingConfiguration = @{ enabled = $info.groupingConfiguration.enabled reopenClosedIncident = $info.groupingConfiguration.reopenClosedIncident @@ -280,42 +280,42 @@ function Get-TargetResource } $results = @{ - ProductFilter = $instance.properties.ProductFilter - Enabled = $instance.properties.Enabled - Severity = $instance.properties.Severity - Tactics = $instance.properties.Tactics - Techniques = $instance.properties.Techniques - SubTechniques = $instance.properties.SubTechniques - Query = $instance.properties.Query - QueryFrequency = $instance.properties.QueryFrequency - QueryPeriod = $instance.properties.QueryPeriod - TriggerOperator = $instance.properties.TriggerOperator - TriggerThreshold = $instance.properties.TriggerThreshold - SuppressionDuration = $instance.properties.SuppressionDuration - SuppressionEnabled = $instance.properties.SuppressionEnabled - AlertRuleTemplateName = $instance.properties.AlertRuleTemplateName - DisplayNamesExcludeFilter = $instance.properties.DisplayNamesExcludeFilter - DisplayNamesFilter = $instance.properties.DisplayNamesFilter - SeveritiesFilter = $instance.properties.SeveritiesFilter - DisplayName = $instance.properties.displayName - EventGroupingSettings = $EventGroupingValueSettingsValue - CustomDetails = $CustomDetailsValue - EntityMappings = $EntityMappingsValue - AlertDetailsOverride = $AlertDetailsOverrideValue - IncidentConfiguration = $IncidentConfigurationValue - SubscriptionId = $SubscriptionId - ResourceGroupName = $ResourceGroupName - WorkspaceName = $WorkspaceName - Id = $instance.name - Kind = $instance.kind - Description = $instance.properties.description - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + ProductFilter = $instance.properties.ProductFilter + Enabled = $instance.properties.Enabled + Severity = $instance.properties.Severity + Tactics = $instance.properties.Tactics + Techniques = $instance.properties.Techniques + SubTechniques = $instance.properties.SubTechniques + Query = $instance.properties.Query + QueryFrequency = $instance.properties.QueryFrequency + QueryPeriod = $instance.properties.QueryPeriod + TriggerOperator = $instance.properties.TriggerOperator + TriggerThreshold = $instance.properties.TriggerThreshold + SuppressionDuration = $instance.properties.SuppressionDuration + SuppressionEnabled = $instance.properties.SuppressionEnabled + AlertRuleTemplateName = $instance.properties.AlertRuleTemplateName + DisplayNamesExcludeFilter = $instance.properties.DisplayNamesExcludeFilter + DisplayNamesFilter = $instance.properties.DisplayNamesFilter + SeveritiesFilter = $instance.properties.SeveritiesFilter + DisplayName = $instance.properties.displayName + EventGroupingSettings = $EventGroupingValueSettingsValue + CustomDetails = $CustomDetailsValue + EntityMappings = $EntityMappingsValue + AlertDetailsOverride = $AlertDetailsOverrideValue + IncidentConfiguration = $IncidentConfigurationValue + SubscriptionId = $SubscriptionId + ResourceGroupName = $ResourceGroupName + WorkspaceName = $WorkspaceName + Id = $instance.name + Kind = $instance.kind + Description = $instance.properties.description + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return [System.Collections.Hashtable] $results } @@ -506,7 +506,7 @@ function Set-TargetResource if ($Kind -eq 'Fusion') { $instance = @{ - kind = $Kind + kind = $Kind properties = @{ alertRuleTemplateName = $AlertRuleTemplateName enabled = $Enabled @@ -516,7 +516,7 @@ function Set-TargetResource elseif ($Kind -eq 'MicrosoftSecurityIncidentCreation') { $instance = @{ - kind = $Kind + kind = $Kind properties = @{ displayName = $DisplayName description = $Description @@ -531,30 +531,30 @@ function Set-TargetResource elseif ($Kind -eq 'Scheduled') { $instance = @{ - kind = $Kind + kind = $Kind properties = @{ - displayName = $DisplayName - enabled = $Enabled - description = $Description - query = $Query - queryFrequency = $QueryFrequency - queryPeriod = $QueryPeriod - severity = $Severity - suppressionDuration = $SuppressionDuration - suppressionEnabled = $SuppressionEnabled - triggerOperator = $TriggerOperator - triggerThreshold = $TriggerThreshold - eventGroupingSettings = @{ + displayName = $DisplayName + enabled = $Enabled + description = $Description + query = $Query + queryFrequency = $QueryFrequency + queryPeriod = $QueryPeriod + severity = $Severity + suppressionDuration = $SuppressionDuration + suppressionEnabled = $SuppressionEnabled + triggerOperator = $TriggerOperator + triggerThreshold = $TriggerThreshold + eventGroupingSettings = @{ aggregationKind = $EventGroupingSettings.aggregationKind } - customDetails = @{} - alertDetailsOverride = @{ + customDetails = @{} + alertDetailsOverride = @{ alertDisplayNameFormat = $AlertDetailsOverride.alertDisplayNameFormat alertDescriptionFormat = $AlertDetailsOverride.alertDescriptionFormat alertDynamicProperties = @() } - entityMappings = @() - incidentConfiguration = @{ + entityMappings = @() + incidentConfiguration = @{ createIncident = $IncidentConfiguration.createIncident groupingConfiguration = @{ enabled = $IncidentConfiguration.groupingConfiguration.enabled @@ -566,17 +566,17 @@ function Set-TargetResource groupByCustomDetails = $IncidentConfiguration.groupingConfiguration.groupByCustomDetails } } - productFilter = $ProductFilter - displayNamesExcludeFilter = $DisplayNamesExcludeFilter - displayNamesFilter = $DisplayNamesFilter - severitiesFilter = $AlertSeverity + productFilter = $ProductFilter + displayNamesExcludeFilter = $DisplayNamesExcludeFilter + displayNamesFilter = $DisplayNamesFilter + severitiesFilter = $AlertSeverity } } foreach ($entity in $EntityMappings) { $entry = @{ - entityType = $entity.entityType + entityType = $entity.entityType fieldMappings = @() } @@ -607,26 +607,26 @@ function Set-TargetResource elseif ($Kind -eq 'NRT') { $instance = @{ - kind = $Kind + kind = $Kind properties = @{ - displayName = $DisplayName - enabled = $Enabled - description = $Description - query = $Query - severity = $Severity - suppressionDuration = $SuppressionDuration - suppressionEnabled = $SuppressionEnabled - eventGroupingSettings = @{ + displayName = $DisplayName + enabled = $Enabled + description = $Description + query = $Query + severity = $Severity + suppressionDuration = $SuppressionDuration + suppressionEnabled = $SuppressionEnabled + eventGroupingSettings = @{ aggregationKind = $EventGroupingSettings.aggregationKind } - alertDetailsOverride = @{ + alertDetailsOverride = @{ alertDisplayNameFormat = $AlertDetailsOverride.alertDisplayNameFormat alertDescriptionFormat = $AlertDetailsOverride.alertDescriptionFormat alertDynamicProperties = @() } - entityMappings = @() - customDetails = @{} - incidentConfiguration = @{ + entityMappings = @() + customDetails = @{} + incidentConfiguration = @{ createIncident = $IncidentConfiguration.createIncident groupingConfiguration = @{ enabled = $IncidentConfiguration.groupingConfiguration.enabled @@ -638,9 +638,9 @@ function Set-TargetResource groupByCustomDetails = $IncidentConfiguration.groupingConfiguration.groupByCustomDetails } } - techniques = $Techniques - subTechniques = $SubTechniques - tactics = $Tactics + techniques = $Techniques + subTechniques = $SubTechniques + tactics = $Tactics } } @@ -653,7 +653,7 @@ function Set-TargetResource foreach ($entity in $EntityMappings) { $entry = @{ - entityType = $entity.entityType + entityType = $entity.entityType fieldMappings = @() } @@ -688,31 +688,31 @@ function Set-TargetResource { Write-Verbose -Message "Creating new Alert Rule {$DisplayName}" New-M365DSCSentinelAlertRule -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -TenantId $TenantId ` - -Body $instance + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -TenantId $TenantId ` + -Body $instance } # UPDATE - elseif($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating Alert Rule {$DisplayName}" New-M365DSCSentinelAlertRule -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -TenantId $TenantId ` - -Body $instance ` - -Id $currentInstance.Id + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -TenantId $TenantId ` + -Body $instance ` + -Id $currentInstance.Id } # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing Alert Rule {$DisplayName}" Remove-M365DSCSentinelAlertRule -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -TenantId $TenantId ` - -Id $currentInstance.Id + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -TenantId $TenantId ` + -Id $currentInstance.Id } } @@ -997,14 +997,14 @@ function Export-TargetResource } Write-Host " |---[$i/$($workspaces.Length)] $($workspace.Name)" -NoNewline - $subscriptionId = $workspace.ResourceId.Split('/')[2] + $subscriptionId = $workspace.ResourceId.Split('/')[2] $resourceGroupName = $workspace.ResourceGroupName - $workspaceName = $workspace.Name + $workspaceName = $workspace.Name $rules = Get-M365DSCSentinelAlertRule -SubscriptionId $subscriptionId ` - -ResourceGroupName $resourceGroupName ` - -WorkspaceName $workspaceName ` - -TenantId $TenantId + -ResourceGroupName $resourceGroupName ` + -WorkspaceName $workspaceName ` + -TenantId $TenantId $j = 1 if ($currentWatchLists.Length -eq 0 ) @@ -1320,7 +1320,7 @@ function New-M365DSCSentinelAlertRule if ($null -eq $Id) { - $uri += "providers/Microsoft.OperationalInsights/workspaces/$($WorkspaceName)/providers/Microsoft.SecurityInsights/alertrules/$((New-GUID).ToString())?api-version=2024-04-01-preview" + $uri += "providers/Microsoft.OperationalInsights/workspaces/$($WorkspaceName)/providers/Microsoft.SecurityInsights/alertrules/$((New-Guid).ToString())?api-version=2024-04-01-preview" } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/MSFT_SentinelSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/MSFT_SentinelSetting.psm1 index 5d13b0e142..8f54467eb3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/MSFT_SentinelSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelSetting/MSFT_SentinelSetting.psm1 @@ -84,11 +84,11 @@ function Get-TargetResource $WorkspaceNameValue = $WorkspaceName if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $entry = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $WorkspaceName} + $entry = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $WorkspaceName } $instance = Get-AzSentinelSetting -ResourceGroupName $entry.ResourceGroupName ` - -WorkspaceName $entry.Name ` - -SubscriptionId $SubscriptionId ` - -ErrorAction SilentlyContinue + -WorkspaceName $entry.Name ` + -SubscriptionId $SubscriptionId ` + -ErrorAction SilentlyContinue $ResourceGroupNameValue = $entry.ResourceGroupName $WorkspaceNameValue = $entry.Name } @@ -96,9 +96,9 @@ function Get-TargetResource { Write-Verbose -Message "Retrieving Sentinel Settings for {$WorkspaceName}" $instance = Get-AzSentinelSetting -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -ErrorAction SilentlyContinue ` - -SubscriptionId $SubscriptionId + -WorkspaceName $WorkspaceName ` + -ErrorAction SilentlyContinue ` + -SubscriptionId $SubscriptionId } if ($null -eq $instance) { @@ -106,35 +106,35 @@ function Get-TargetResource } Write-Verbose -Message "Found an instance of Sentinel Workspace {$Workspace}" - $Anomalies = $instance | Where-Object -FilterScript {$_.Name -eq 'Anomalies'} + $Anomalies = $instance | Where-Object -FilterScript { $_.Name -eq 'Anomalies' } $AnomaliesIsEnabledValue = $false if ($null -ne $Anomalies) { - Write-Verbose -Message "Anomalies instance found." + Write-Verbose -Message 'Anomalies instance found.' $AnomaliesIsEnabledValue = $Anomalies.IsEnabled } - $EntityAnalytics = $instance | Where-Object -FilterScript {$_.Name -eq 'EntityAnalytics'} + $EntityAnalytics = $instance | Where-Object -FilterScript { $_.Name -eq 'EntityAnalytics' } $EntityAnalyticsIsEnabledValue = $false if ($null -ne $EntityAnalytics) { - Write-Verbose -Message "EntityAnalytics instance found." + Write-Verbose -Message 'EntityAnalytics instance found.' $EntityAnalyticsIsEnabledValue = $EntityAnalytics.IsEnabled } - $EyesOn = $instance | Where-Object -FilterScript {$_.Name -eq 'EyesOn'} + $EyesOn = $instance | Where-Object -FilterScript { $_.Name -eq 'EyesOn' } $EyesOnIsEnabledValue = $false if ($null -ne $EyesOn) { - Write-Verbose -Message "EyesOn instance found." + Write-Verbose -Message 'EyesOn instance found.' $EyesOnIsEnabledValue = $EyesOn.IsEnabled } - $Ueba = $instance | Where-Object -FilterScript {$_.Name -eq 'Ueba'} + $Ueba = $instance | Where-Object -FilterScript { $_.Name -eq 'Ueba' } $UebaDataSourceValue = $null if ($null -ne $Ueba) { - Write-Verbose -Message "UEBA Data source instance found." + Write-Verbose -Message 'UEBA Data source instance found.' $UebaDataSourceValue = $Ueba.DataSource } @@ -242,33 +242,33 @@ function Set-TargetResource { Write-Verbose -Message "Updating Anomalies IsEnabled value to {$AnomaliesIsEnabled}" Update-AzSentinelSetting -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -SettingsName "Anomalies" ` - -Enabled $AnomaliesIsEnabled | Out-Null + -WorkspaceName $WorkspaceName ` + -SettingsName 'Anomalies' ` + -Enabled $AnomaliesIsEnabled | Out-Null } if ($PSBoundParameters.ContainsKey('EntityAnalyticsIsEnabled')) { Write-Verbose -Message "Updating Entity Analytics IsEnabled value to {$EntityAnalyticsIsEnabled}" Update-AzSentinelSetting -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -SettingsName "EntityAnalytics" ` - -Enabled $EntityAnalyticsIsEnabled | Out-Null + -WorkspaceName $WorkspaceName ` + -SettingsName 'EntityAnalytics' ` + -Enabled $EntityAnalyticsIsEnabled | Out-Null } if ($PSBoundParameters.ContainsKey('EyesOnIsEnabled')) { Write-Verbose -Message "Updating Eyes On IsEnabled value to {$EyesOnIsEnabled}" Update-AzSentinelSetting -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -SettingsName "EyesOn" ` - -Enabled $EyesOnIsEnabled | Out-Null + -WorkspaceName $WorkspaceName ` + -SettingsName 'EyesOn' ` + -Enabled $EyesOnIsEnabled | Out-Null } if ($PSBoundParameters.ContainsKey('UebaDataSource')) { Write-Verbose -Message "Updating UEBA Data Source value to {$UebaDataSource}" Update-AzSentinelSetting -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -SettingsName "Ueba" ` - -DataSource $UebaDataSource | Out-Null + -WorkspaceName $WorkspaceName ` + -SettingsName 'Ueba' ` + -DataSource $UebaDataSource | Out-Null } } @@ -448,16 +448,16 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results + -Results $Results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName + -FileName $Global:PartialExportFileName $i++ Write-Host $Global:M365DSCEmojiGreenCheckMark } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelThreatIntelligenceIndicator/MSFT_SentinelThreatIntelligenceIndicator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelThreatIntelligenceIndicator/MSFT_SentinelThreatIntelligenceIndicator.psm1 index 5f7e93dfba..15590bef76 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelThreatIntelligenceIndicator/MSFT_SentinelThreatIntelligenceIndicator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelThreatIntelligenceIndicator/MSFT_SentinelThreatIntelligenceIndicator.psm1 @@ -130,19 +130,19 @@ function Get-TargetResource { Write-Verbose -Message "Retrieving indicator by id {$Id}" $instance = Get-M365DSCSentinelThreatIntelligenceIndicator -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -TenantId $TenantId ` - -Id $Id + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -TenantId $TenantId ` + -Id $Id } if ($null -eq $instance) { Write-Verbose -Message "Retrieving indicator by DisplayName {$DisplayName}" $instances = Get-M365DSCSentinelThreatIntelligenceIndicator -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -TenantId $TenantId - $instance = $instances | Where-Object -FilterScript {$_.properties.displayName -eq $DisplayName} + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -TenantId $TenantId + $instance = $instances | Where-Object -FilterScript { $_.properties.displayName -eq $DisplayName } } if ($null -eq $instance) { @@ -308,7 +308,7 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $instanceParameters = @{ - kind = 'indicator' + kind = 'indicator' properties = @{ confidence = $Confidence description = $Description @@ -349,31 +349,31 @@ function Set-TargetResource { Write-Verbose -Message "Creating a new indicator {$DisplayName}" New-M365DSCSentinelThreatIntelligenceIndicator -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -TenantId $TenantId ` - -Body $instanceParameters + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -TenantId $TenantId ` + -Body $instanceParameters } # UPDATE elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating indicator {$DisplayName}" Set-M365DSCSentinelThreatIntelligenceIndicator -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -TenantId $TenantId ` - -Body $instanceParameters ` - -Id $currentInstance.Id + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -TenantId $TenantId ` + -Body $instanceParameters ` + -Id $currentInstance.Id } # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing indicator {$DisplayName}" Remove-M365DSCSentinelThreatIntelligenceIndicator -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -TenantId $TenantId ` - -Id $currentInstance.Id + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -TenantId $TenantId ` + -Id $currentInstance.Id } } @@ -587,14 +587,14 @@ function Export-TargetResource } Write-Host " |---[$i/$($workspaces.Length)] $($workspace.Name)" -NoNewline - $subscriptionId = $workspace.ResourceId.Split('/')[2] + $subscriptionId = $workspace.ResourceId.Split('/')[2] $resourceGroupName = $workspace.ResourceGroupName - $workspaceName = $workspace.Name + $workspaceName = $workspace.Name $indicators = Get-M365DSCSentinelThreatIntelligenceIndicator -SubscriptionId $subscriptionId ` - -ResourceGroupName $resourceGroupName ` - -WorkspaceName $workspaceName ` - -TenantId $TenantId + -ResourceGroupName $resourceGroupName ` + -WorkspaceName $workspaceName ` + -TenantId $TenantId $j = 1 if ($currentWatchLists.Length -eq 0 ) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/MSFT_SentinelWatchlist.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/MSFT_SentinelWatchlist.psm1 index 38cce01c28..19b7c297c5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/MSFT_SentinelWatchlist.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SentinelWatchlist/MSFT_SentinelWatchlist.psm1 @@ -115,29 +115,29 @@ function Get-TargetResource { if (-not [System.String]::IsNullOrEmpty($Id)) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.properties.watchListId -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.properties.watchListId -eq $Id } } if ($null -eq $instance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.name -eq $Name} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.name -eq $Name } } } else { $watchLists = Get-M365DSCSentinelWatchlist -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceName ` - -WorkspaceName $workspaceName ` - -TenantId $TenantId + -ResourceGroupName $ResourceName ` + -WorkspaceName $workspaceName ` + -TenantId $TenantId if (-not [System.String]::IsNullOrEmpty($Id)) { - $instance = $watchLists | Where-Object -FilterScript {$_.properties.watchListId -eq $Id} + $instance = $watchLists | Where-Object -FilterScript { $_.properties.watchListId -eq $Id } } if ($null -eq $instance) { - $instance = $watchLists | Where-Object -FilterScript {$_.name -eq $Name} + $instance = $watchLists | Where-Object -FilterScript { $_.name -eq $Name } } } if ($null -eq $instance) @@ -291,7 +291,7 @@ function Set-TargetResource $body = @{ properties = @{ displayName = $DisplayName - provider = "Microsoft" + provider = 'Microsoft' itemsSearchKey = $ItemsSearchKey sourceType = $SourceType description = $Description @@ -303,7 +303,7 @@ function Set-TargetResource if ($null -ne $RawContent) { - Write-Verbose -Message "Adding rawContent and contentType to the payload" + Write-Verbose -Message 'Adding rawContent and contentType to the payload' $body.properties.Add('rawContent', $RawContent) $body.properties.Add('contentType', 'text/csv') } @@ -313,21 +313,21 @@ function Set-TargetResource { Write-Verbose -Message "Configuring watchlist {$Name}" Set-M365DSCSentinelWatchlist -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -WatchListAlias $Alias ` - -Body $body ` - -TenantId $TenantId + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -WatchListAlias $Alias ` + -Body $body ` + -TenantId $TenantId } # REMOVE elseif ($Ensure -eq 'Absent') { Write-Verbose -Message "Removing watchlist {$Name}" Remove-M365DSCSentinelWatchlist -SubscriptionId $SubscriptionId ` - -ResourceGroupName $ResourceGroupName ` - -WorkspaceName $WorkspaceName ` - -WatchListAlias $Alias ` - -TenantId $TenantId + -ResourceGroupName $ResourceGroupName ` + -WorkspaceName $WorkspaceName ` + -WatchListAlias $Alias ` + -TenantId $TenantId } } @@ -520,14 +520,14 @@ function Export-TargetResource foreach ($workspace in $workspaces) { Write-Host " |---[$i/$($workspaces.Length)] $($workspace.Name)" -NoNewline - $subscriptionId = $workspace.ResourceId.Split('/')[2] + $subscriptionId = $workspace.ResourceId.Split('/')[2] $resourceGroupName = $workspace.ResourceGroupName - $workspaceName = $workspace.Name + $workspaceName = $workspace.Name $currentWatchLists = Get-M365DSCSentinelWatchlist -SubscriptionId $subscriptionId ` - -ResourceGroupName $resourceGroupName ` - -WorkspaceName $workspaceName ` - -TenantId $TenantId + -ResourceGroupName $resourceGroupName ` + -WorkspaceName $workspaceName ` + -TenantId $TenantId $j = 1 if ($currentWatchLists.Length -eq 0 ) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAppSetupPolicy/MSFT_TeamsAppSetupPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAppSetupPolicy/MSFT_TeamsAppSetupPolicy.psm1 index c758827f73..2379a710c6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAppSetupPolicy/MSFT_TeamsAppSetupPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAppSetupPolicy/MSFT_TeamsAppSetupPolicy.psm1 @@ -262,9 +262,9 @@ function Set-TargetResource $CreateParameters.Remove('Verbose') | Out-Null Write-Verbose -Message "Creating {$Identity} with Parameters:`r`n$(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" - $CreateParameters.AppPresetList = $appPresetValues + $CreateParameters.AppPresetList = $appPresetValues $CreateParameters.AppPresetMeetingList = $appPresetMeetingValues - $CreateParameters.PinnedAppBarApps = $pinnedAppBarAppsValue + $CreateParameters.PinnedAppBarApps = $pinnedAppBarAppsValue $CreateParameters.PinnedMessageBarApps = $pinnedMessageBarAppsValue New-CsTeamsAppSetupPolicy @CreateParameters | Out-Null @@ -275,9 +275,9 @@ function Set-TargetResource $UpdateParameters.Remove('Verbose') | Out-Null Write-Verbose -Message "Updating {$Identity}" - $UpdateParameters.AppPresetList = $appPresetValues + $UpdateParameters.AppPresetList = $appPresetValues $UpdateParameters.AppPresetMeetingList = $appPresetMeetingValues - $UpdateParameters.PinnedAppBarApps = $pinnedAppBarAppsValue + $UpdateParameters.PinnedAppBarApps = $pinnedAppBarAppsValue $UpdateParameters.PinnedMessageBarApps = $pinnedMessageBarAppsValue Set-CsTeamsAppSetupPolicy @UpdateParameters | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallQueue/MSFT_TeamsCallQueue.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallQueue/MSFT_TeamsCallQueue.psm1 index bdeec1a64e..411c4bf3b7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallQueue/MSFT_TeamsCallQueue.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallQueue/MSFT_TeamsCallQueue.psm1 @@ -9,7 +9,7 @@ function Get-TargetResource $Name, [Parameter()] - [ValidateRange(15,180)] + [ValidateRange(15, 180)] [System.UInt16] $AgentAlertTime, @@ -34,7 +34,7 @@ function Get-TargetResource $MusicOnHoldAudioFileId, [Parameter()] - [ValidateSet("DisconnectWithBusy","Forward","Voicemail","SharedVoicemail")] + [ValidateSet('DisconnectWithBusy', 'Forward', 'Voicemail', 'SharedVoicemail')] [System.String] $OverflowAction, @@ -43,12 +43,12 @@ function Get-TargetResource $OverflowActionTarget, [Parameter()] - [ValidateRange(0,200)] + [ValidateRange(0, 200)] [System.UInt16] $OverflowThreshold, [Parameter()] - [ValidateSet("Disconnect","Forward","Voicemail","SharedVoicemail")] + [ValidateSet('Disconnect', 'Forward', 'Voicemail', 'SharedVoicemail')] [System.String] $TimeoutAction, @@ -57,12 +57,12 @@ function Get-TargetResource $TimeoutActionTarget, [Parameter()] - [ValidateRange(0,2700)] + [ValidateRange(0, 2700)] [System.UInt16] $TimeoutThreshold, [Parameter()] - [ValidateSet("Attendant","Serial","RoundRobin","LongestIdle")] + [ValidateSet('Attendant', 'Serial', 'RoundRobin', 'LongestIdle')] [System.String] $RoutingMethod, @@ -257,12 +257,12 @@ function Get-TargetResource { Write-Host -Message "Getting Office 365 queue $Name" $queue = Get-CsCallQueue -NameFilter $Name ` - -ErrorAction SilentlyContinue | Where-Object -FilterScript {$_.Name -eq $Name} + -ErrorAction SilentlyContinue | Where-Object -FilterScript { $_.Name -eq $Name } } else { Write-Host -Message "Retrieving queue $Name from the exported instances" - $queue = $Script:exportedInstances | Where-Object -FilterScript {$_.Name -eq $Name} + $queue = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } } @@ -353,7 +353,7 @@ function Set-TargetResource $Name, [Parameter()] - [ValidateRange(15,180)] + [ValidateRange(15, 180)] [System.UInt16] $AgentAlertTime, @@ -378,7 +378,7 @@ function Set-TargetResource $MusicOnHoldAudioFileId, [Parameter()] - [ValidateSet("DisconnectWithBusy","Forward","Voicemail","SharedVoicemail")] + [ValidateSet('DisconnectWithBusy', 'Forward', 'Voicemail', 'SharedVoicemail')] [System.String] $OverflowAction, @@ -387,12 +387,12 @@ function Set-TargetResource $OverflowActionTarget, [Parameter()] - [ValidateRange(0,200)] + [ValidateRange(0, 200)] [System.UInt16] $OverflowThreshold, [Parameter()] - [ValidateSet("Disconnect","Forward","Voicemail","SharedVoicemail")] + [ValidateSet('Disconnect', 'Forward', 'Voicemail', 'SharedVoicemail')] [System.String] $TimeoutAction, @@ -401,12 +401,12 @@ function Set-TargetResource $TimeoutActionTarget, [Parameter()] - [ValidateRange(0,2700)] + [ValidateRange(0, 2700)] [System.UInt16] $TimeoutThreshold, [Parameter()] - [ValidateSet("Attendant","Serial","RoundRobin","LongestIdle")] + [ValidateSet('Attendant', 'Serial', 'RoundRobin', 'LongestIdle')] [System.String] $RoutingMethod, @@ -635,7 +635,7 @@ function Test-TargetResource $Name, [Parameter()] - [ValidateRange(15,180)] + [ValidateRange(15, 180)] [System.UInt16] $AgentAlertTime, @@ -660,7 +660,7 @@ function Test-TargetResource $MusicOnHoldAudioFileId, [Parameter()] - [ValidateSet("DisconnectWithBusy","Forward","Voicemail","SharedVoicemail")] + [ValidateSet('DisconnectWithBusy', 'Forward', 'Voicemail', 'SharedVoicemail')] [System.String] $OverflowAction, @@ -669,12 +669,12 @@ function Test-TargetResource $OverflowActionTarget, [Parameter()] - [ValidateRange(0,200)] + [ValidateRange(0, 200)] [System.UInt16] $OverflowThreshold, [Parameter()] - [ValidateSet("Disconnect","Forward","Voicemail","SharedVoicemail")] + [ValidateSet('Disconnect', 'Forward', 'Voicemail', 'SharedVoicemail')] [System.String] $TimeoutAction, @@ -683,12 +683,12 @@ function Test-TargetResource $TimeoutActionTarget, [Parameter()] - [ValidateRange(0,2700)] + [ValidateRange(0, 2700)] [System.UInt16] $TimeoutThreshold, [Parameter()] - [ValidateSet("Attendant","Serial","RoundRobin","LongestIdle")] + [ValidateSet('Attendant', 'Serial', 'RoundRobin', 'LongestIdle')] [System.String] $RoutingMethod, @@ -940,7 +940,8 @@ function Export-TargetResource $Script:ExportMode = $true $Script:MaxSize = 1000 [array] $Script:exportedInstances = Get-CsCallQueue -ErrorAction Stop -First $Script:MaxSize - if ($Script:exportedInstances.Count -eq $Script:MaxSize){ + if ($Script:exportedInstances.Count -eq $Script:MaxSize) + { Write-Verbose -Message "WARNING: CsCallQueue isn't exporting all of them, you reach the max size." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 index 940dec7561..6d23a4d767 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 @@ -421,7 +421,7 @@ function Export-TargetResource Write-Host "`r`n" -NoNewline foreach ($team in $Teams) { - if($null -ne $team.GroupId) + if ($null -ne $team.GroupId) { $channels = Get-TeamChannel -GroupId $team.GroupId $i = 1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 index f860d32bb3..f2ae6eaa49 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 @@ -97,7 +97,7 @@ function Get-TargetResource DisplayName = $DisplayName TeamName = $TeamName ChannelName = $ChannelName - Ensure = "Absent" + Ensure = 'Absent' } try @@ -356,7 +356,7 @@ function Set-TargetResource $CurrentParameters.Remove('ChannelName') | Out-Null $CurrentParameters.Add('TeamsTabId', $tabInstance.Id) Write-Verbose -Message "Params: $($CurrentParameters | Out-String)" - Update-MgBetaTeamChannelTab @CurrentParameters | Out-Null + Update-MgBetaTeamChannelTab @CurrentParameters | Out-Null } elseif ($Ensure -eq 'Present' -and ($tab.Ensure -eq 'Absent')) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 index ebfd75aaa1..32942f4199 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 @@ -13,7 +13,7 @@ function Get-TargetResource $GroupId, [Parameter(Mandatory = $true)] - [ValidateSet('ApplicationAccessPolicy','CallingLineIdentity','OnlineAudioConferencingRoutingPolicy','OnlineVoicemailPolicy','OnlineVoiceRoutingPolicy','TeamsAudioConferencingPolicy','TeamsCallHoldPolicy','TeamsCallParkPolicy','TeamsChannelsPolicy','TeamsComplianceRecordingPolicy','TeamsCortanaPolicy','TeamsEmergencyCallingPolicy','TeamsEnhancedEncryptionPolicy','TeamsFeedbackPolicy','TeamsFilesPolicy','TeamsIPPhonePolicy','TeamsMediaLoggingPolicy','TeamsMeetingBroadcastPolicy','TeamsMeetingPolicy','TeamsMessagingPolicy','TeamsMobilityPolicy','TeamsRoomVideoTeleConferencingPolicy','TeamsShiftsPolicy','TeamsUpdateManagementPolicy','TeamsVdiPolicy','TeamsVideoInteropServicePolicy','TenantDialPlan','ExternalAccessPolicy','TeamsAppSetupPolicy','TeamsCallingPolicy','TeamsEventsPolicy','TeamsMeetingBrandingPolicy','TeamsMeetingTemplatePermissionPolicy','TeamsVerticalPackagePolicy')] + [ValidateSet('ApplicationAccessPolicy', 'CallingLineIdentity', 'OnlineAudioConferencingRoutingPolicy', 'OnlineVoicemailPolicy', 'OnlineVoiceRoutingPolicy', 'TeamsAudioConferencingPolicy', 'TeamsCallHoldPolicy', 'TeamsCallParkPolicy', 'TeamsChannelsPolicy', 'TeamsComplianceRecordingPolicy', 'TeamsCortanaPolicy', 'TeamsEmergencyCallingPolicy', 'TeamsEnhancedEncryptionPolicy', 'TeamsFeedbackPolicy', 'TeamsFilesPolicy', 'TeamsIPPhonePolicy', 'TeamsMediaLoggingPolicy', 'TeamsMeetingBroadcastPolicy', 'TeamsMeetingPolicy', 'TeamsMessagingPolicy', 'TeamsMobilityPolicy', 'TeamsRoomVideoTeleConferencingPolicy', 'TeamsShiftsPolicy', 'TeamsUpdateManagementPolicy', 'TeamsVdiPolicy', 'TeamsVideoInteropServicePolicy', 'TenantDialPlan', 'ExternalAccessPolicy', 'TeamsAppSetupPolicy', 'TeamsCallingPolicy', 'TeamsEventsPolicy', 'TeamsMeetingBrandingPolicy', 'TeamsMeetingTemplatePermissionPolicy', 'TeamsVerticalPackagePolicy')] [System.String] $PolicyType, @@ -75,10 +75,12 @@ function Get-TargetResource try { Write-Verbose -Message "Getting Group with Id {$GroupId}" - if ($GroupId -match '\b[A-Fa-f0-9]{8}(?:-[A-Fa-f0-9]{4}){3}-[A-Fa-f0-9]{12}\b' -and $GroupId -ne '00000000-0000-0000-0000-000000000000'){ + if ($GroupId -match '\b[A-Fa-f0-9]{8}(?:-[A-Fa-f0-9]{4}){3}-[A-Fa-f0-9]{12}\b' -and $GroupId -ne '00000000-0000-0000-0000-000000000000') + { $Group = Find-CsGroup -SearchQuery $GroupId -ExactMatchOnly $true -ErrorAction SilentlyContinue } - else { + else + { $Group = $null } if ($null -eq $Group) @@ -157,7 +159,7 @@ function Set-TargetResource $GroupId, [Parameter(Mandatory = $true)] - [ValidateSet('ApplicationAccessPolicy','CallingLineIdentity','OnlineAudioConferencingRoutingPolicy','OnlineVoicemailPolicy','OnlineVoiceRoutingPolicy','TeamsAudioConferencingPolicy','TeamsCallHoldPolicy','TeamsCallParkPolicy','TeamsChannelsPolicy','TeamsComplianceRecordingPolicy','TeamsCortanaPolicy','TeamsEmergencyCallingPolicy','TeamsEnhancedEncryptionPolicy','TeamsFeedbackPolicy','TeamsFilesPolicy','TeamsIPPhonePolicy','TeamsMediaLoggingPolicy','TeamsMeetingBroadcastPolicy','TeamsMeetingPolicy','TeamsMessagingPolicy','TeamsMobilityPolicy','TeamsRoomVideoTeleConferencingPolicy','TeamsShiftsPolicy','TeamsUpdateManagementPolicy','TeamsVdiPolicy','TeamsVideoInteropServicePolicy','TenantDialPlan','ExternalAccessPolicy','TeamsAppSetupPolicy','TeamsCallingPolicy','TeamsEventsPolicy','TeamsMeetingBrandingPolicy','TeamsMeetingTemplatePermissionPolicy','TeamsVerticalPackagePolicy')] + [ValidateSet('ApplicationAccessPolicy', 'CallingLineIdentity', 'OnlineAudioConferencingRoutingPolicy', 'OnlineVoicemailPolicy', 'OnlineVoiceRoutingPolicy', 'TeamsAudioConferencingPolicy', 'TeamsCallHoldPolicy', 'TeamsCallParkPolicy', 'TeamsChannelsPolicy', 'TeamsComplianceRecordingPolicy', 'TeamsCortanaPolicy', 'TeamsEmergencyCallingPolicy', 'TeamsEnhancedEncryptionPolicy', 'TeamsFeedbackPolicy', 'TeamsFilesPolicy', 'TeamsIPPhonePolicy', 'TeamsMediaLoggingPolicy', 'TeamsMeetingBroadcastPolicy', 'TeamsMeetingPolicy', 'TeamsMessagingPolicy', 'TeamsMobilityPolicy', 'TeamsRoomVideoTeleConferencingPolicy', 'TeamsShiftsPolicy', 'TeamsUpdateManagementPolicy', 'TeamsVdiPolicy', 'TeamsVideoInteropServicePolicy', 'TenantDialPlan', 'ExternalAccessPolicy', 'TeamsAppSetupPolicy', 'TeamsCallingPolicy', 'TeamsEventsPolicy', 'TeamsMeetingBrandingPolicy', 'TeamsMeetingTemplatePermissionPolicy', 'TeamsVerticalPackagePolicy')] [System.String] $PolicyType, @@ -277,7 +279,7 @@ function Test-TargetResource $GroupId, [Parameter(Mandatory = $true)] - [ValidateSet('ApplicationAccessPolicy','CallingLineIdentity','OnlineAudioConferencingRoutingPolicy','OnlineVoicemailPolicy','OnlineVoiceRoutingPolicy','TeamsAudioConferencingPolicy','TeamsCallHoldPolicy','TeamsCallParkPolicy','TeamsChannelsPolicy','TeamsComplianceRecordingPolicy','TeamsCortanaPolicy','TeamsEmergencyCallingPolicy','TeamsEnhancedEncryptionPolicy','TeamsFeedbackPolicy','TeamsFilesPolicy','TeamsIPPhonePolicy','TeamsMediaLoggingPolicy','TeamsMeetingBroadcastPolicy','TeamsMeetingPolicy','TeamsMessagingPolicy','TeamsMobilityPolicy','TeamsRoomVideoTeleConferencingPolicy','TeamsShiftsPolicy','TeamsUpdateManagementPolicy','TeamsVdiPolicy','TeamsVideoInteropServicePolicy','TenantDialPlan','ExternalAccessPolicy','TeamsAppSetupPolicy','TeamsCallingPolicy','TeamsEventsPolicy','TeamsMeetingBrandingPolicy','TeamsMeetingTemplatePermissionPolicy','TeamsVerticalPackagePolicy')] + [ValidateSet('ApplicationAccessPolicy', 'CallingLineIdentity', 'OnlineAudioConferencingRoutingPolicy', 'OnlineVoicemailPolicy', 'OnlineVoiceRoutingPolicy', 'TeamsAudioConferencingPolicy', 'TeamsCallHoldPolicy', 'TeamsCallParkPolicy', 'TeamsChannelsPolicy', 'TeamsComplianceRecordingPolicy', 'TeamsCortanaPolicy', 'TeamsEmergencyCallingPolicy', 'TeamsEnhancedEncryptionPolicy', 'TeamsFeedbackPolicy', 'TeamsFilesPolicy', 'TeamsIPPhonePolicy', 'TeamsMediaLoggingPolicy', 'TeamsMeetingBroadcastPolicy', 'TeamsMeetingPolicy', 'TeamsMessagingPolicy', 'TeamsMobilityPolicy', 'TeamsRoomVideoTeleConferencingPolicy', 'TeamsShiftsPolicy', 'TeamsUpdateManagementPolicy', 'TeamsVdiPolicy', 'TeamsVideoInteropServicePolicy', 'TenantDialPlan', 'ExternalAccessPolicy', 'TeamsAppSetupPolicy', 'TeamsCallingPolicy', 'TeamsEventsPolicy', 'TeamsMeetingBrandingPolicy', 'TeamsMeetingTemplatePermissionPolicy', 'TeamsVerticalPackagePolicy')] [System.String] $PolicyType, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsM365App/MSFT_TeamsM365App.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsM365App/MSFT_TeamsM365App.psm1 index ee499942df..c25212738f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsM365App/MSFT_TeamsM365App.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsM365App/MSFT_TeamsM365App.psm1 @@ -74,7 +74,7 @@ function Get-TargetResource { if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } } else { @@ -234,20 +234,20 @@ function Set-TargetResource { Write-Verbose -Message "Removing Users Assignments for {$($usersToAdd)}" Update-M365TeamsApp -Id $Id ` - -IsBlocked $IsBlocked ` - -AppAssignmentType $AssignmentType ` - -OperationType 'Remove' ` - -Users $usersToRemove + -IsBlocked $IsBlocked ` + -AppAssignmentType $AssignmentType ` + -OperationType 'Remove' ` + -Users $usersToRemove } if ($usersToAdd.Length -gt 0) { Write-Verbose -Message "Removing Users Assignments for {$($usersToAdd)}" Update-M365TeamsApp -Id $Id ` - -IsBlocked $IsBlocked ` - -AppAssignmentType $AssignmentType ` - -OperationType 'Add' ` - -Users $usersToAdd + -IsBlocked $IsBlocked ` + -AppAssignmentType $AssignmentType ` + -OperationType 'Add' ` + -Users $usersToAdd } #endregion @@ -273,20 +273,20 @@ function Set-TargetResource { Write-Verbose -Message "Removing Group Assignments for {$($groupsToRemove)}" Update-M365TeamsApp -Id $Id ` - -IsBlocked $IsBlocked ` - -AppAssignmentType $AssignmentType ` - -OperationType 'Remove' ` - -Groups $groupsToRemove + -IsBlocked $IsBlocked ` + -AppAssignmentType $AssignmentType ` + -OperationType 'Remove' ` + -Groups $groupsToRemove } if ($groupsToAdd.Length -gt 0) { Write-Verbose -Message "Adding Group Assignments for {$($groupsToAdd)}" Update-M365TeamsApp -Id $Id ` - -IsBlocked $IsBlocked ` - -AppAssignmentType $AssignmentType ` - -OperationType 'Add' ` - -Groups $groupsToAdd + -IsBlocked $IsBlocked ` + -AppAssignmentType $AssignmentType ` + -OperationType 'Add' ` + -Groups $groupsToAdd } #endregion } @@ -294,8 +294,8 @@ function Set-TargetResource { Write-Verbose -Message "Updating core settings for app {$Id}" Update-M365TeamsApp -Id $Id ` - -IsBlocked $IsBlocked ` - -AppAssignmentType $AssignmentType + -IsBlocked $IsBlocked ` + -AppAssignmentType $AssignmentType } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.psm1 index 92e0513144..ee64f5a2e6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMessagingPolicy/MSFT_TeamsMessagingPolicy.psm1 @@ -179,7 +179,7 @@ function Get-TargetResource $currentPolicy = $currentPolicy.Split(':')[1] } return @{ - Identity = $currentPolicy + Identity = $currentPolicy AllowCommunicationComplianceEndUserReporting = $policy.AllowCommunicationComplianceEndUserReporting AllowGiphy = $policy.AllowGiphy AllowFluidCollaborate = $policy.AllowFluidCollaborate diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 index 2f032f78bd..808449ce9d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 @@ -50,7 +50,7 @@ function Get-TargetResource { $settings = Get-CsTeamsSettingsCustomApp -ErrorAction Stop return @{ - IsSingleInstance = 'Yes' + IsSingleInstance = 'Yes' IsSideloadedAppsInteractionEnabled = $settings.IsSideloadedAppsInteractionEnabled Credential = $Credential AccessTokens = $AccessTokens @@ -59,7 +59,7 @@ function Get-TargetResource } catch { - if ($_.Exception.Message -like "*Resource not found.*") + if ($_.Exception.Message -like '*Resource not found.*') { Write-Warning -Message "The API doesn't exist for the selected environment." } @@ -222,9 +222,9 @@ function Export-TargetResource { $dscContent = '' $params = @{ - IsSingleInstance = 'Yes' - Credential = $Credential - AccessTokens = $AccessTokens + IsSingleInstance = 'Yes' + Credential = $Credential + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params @@ -236,7 +236,7 @@ function Export-TargetResource } $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results + -Results $Results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsPstnUsage/MSFT_TeamsPstnUsage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsPstnUsage/MSFT_TeamsPstnUsage.psm1 index 7dade8dee8..d1a7909943 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsPstnUsage/MSFT_TeamsPstnUsage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsPstnUsage/MSFT_TeamsPstnUsage.psm1 @@ -166,7 +166,7 @@ function Set-TargetResource $SetParameters.Remove('TenantId') | Out-Null $SetParameters.Remove('CertificateThumbprint') | Out-Null $SetParameters.Remove('ManagedIdentity') | Out-Null - $SetParameters.Remove('AccessTokens') | Out-Null + $SetParameters.Remove('AccessTokens') | Out-Null if ($Ensure -eq 'Present' -and $CurrentValues.Ensure -eq 'Absent') { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsShiftsPolicy/MSFT_TeamsShiftsPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsShiftsPolicy/MSFT_TeamsShiftsPolicy.psm1 index 702bd1c042..37a2982a75 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsShiftsPolicy/MSFT_TeamsShiftsPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsShiftsPolicy/MSFT_TeamsShiftsPolicy.psm1 @@ -225,7 +225,7 @@ function Set-TargetResource if ($PSBoundParameters.ContainsKey('EnableShiftPresence')) { - Write-Verbose -Message "The EnableShiftPresence parameter was used but is deprecated. It will be ignored." + Write-Verbose -Message 'The EnableShiftPresence parameter was used but is deprecated. It will be ignored.' $PSBoundParameters.Remove('EnableShiftPresence') | Out-Null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTemplatesPolicy/MSFT_TeamsTemplatesPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTemplatesPolicy/MSFT_TeamsTemplatesPolicy.psm1 index c74fe4e136..8554f7b9cf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTemplatesPolicy/MSFT_TeamsTemplatesPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTemplatesPolicy/MSFT_TeamsTemplatesPolicy.psm1 @@ -195,7 +195,7 @@ function Set-TargetResource $allTemplates = Get-CsTeamTemplateList foreach ($hiddenTemplate in $HiddenTemplates) { - $template = $allTemplates | Where-Object -FilterScript {$_.Name -eq $hiddenTemplate} + $template = $allTemplates | Where-Object -FilterScript { $_.Name -eq $hiddenTemplate } $hideTemplatesValues += New-CsTeamsHiddenTemplate -Id $template.Id } $SetParameters.HiddenTemplates = $hideTemplatesValues diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantDialPlan/MSFT_TeamsTenantDialPlan.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantDialPlan/MSFT_TeamsTenantDialPlan.psm1 index 401cf324d0..929262de24 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantDialPlan/MSFT_TeamsTenantDialPlan.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantDialPlan/MSFT_TeamsTenantDialPlan.psm1 @@ -207,13 +207,13 @@ function Set-TargetResource { $PSBoundParameters.Remove('OptimizeDeviceDialing') | Out-Null - Write-Verbose -Message "Parameter OptimizeDeviceDialing has been deprecated and must not be used, removing it from PSBoundParameters." + Write-Verbose -Message 'Parameter OptimizeDeviceDialing has been deprecated and must not be used, removing it from PSBoundParameters.' } if ($PSBoundParameters.ContainsKey('ExternalAccessPrefix')) { $PSBoundParameters.Remove('ExternalAccessPrefix') | Out-Null - Write-Verbose -Message "Parameter ExternalAccessPrefix has been deprecated and must not be used, removing it from PSBoundParameters." + Write-Verbose -Message 'Parameter ExternalAccessPrefix has been deprecated and must not be used, removing it from PSBoundParameters.' } if ($Ensure -eq 'Present' -and $CurrentValues.Ensure -eq 'Absent') @@ -399,13 +399,13 @@ function Test-TargetResource { $PSBoundParameters.Remove('OptimizeDeviceDialing') | Out-Null - Write-Verbose -Message "Parameter OptimizeDeviceDialing has been deprecated and must not be used, removing it from PSBoundParameters." + Write-Verbose -Message 'Parameter OptimizeDeviceDialing has been deprecated and must not be used, removing it from PSBoundParameters.' } if ($PSBoundParameters.ContainsKey('ExternalAccessPrefix')) { $PSBoundParameters.Remove('ExternalAccessPrefix') | Out-Null - Write-Verbose -Message "Parameter ExternalAccessPrefix has been deprecated and must not be used, removing it from PSBoundParameters." + Write-Verbose -Message 'Parameter ExternalAccessPrefix has been deprecated and must not be used, removing it from PSBoundParameters.' } Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradeConfiguration/MSFT_TeamsUpgradeConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradeConfiguration/MSFT_TeamsUpgradeConfiguration.psm1 index d1b3b66a5a..4219381e06 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradeConfiguration/MSFT_TeamsUpgradeConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradeConfiguration/MSFT_TeamsUpgradeConfiguration.psm1 @@ -160,7 +160,7 @@ function Set-TargetResource $SetParameters.Remove('TenantId') | Out-Null $SetParameters.Remove('CertificateThumbprint') | Out-Null $SetParameters.Remove('ManagedIdentity') | Out-Null - $SetParameters.Add("Identity", "Global") + $SetParameters.Add('Identity', 'Global') $SetParameters.Remove('AccessTokens') | Out-Null Write-Verbose -Message "Updating with Values: $(Convert-M365DscHashtableToString -Hashtable $SetParameters)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.psm1 index 7bbc0ac35a..3788ba9b77 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.psm1 @@ -166,8 +166,8 @@ function Set-TargetResource { Write-Verbose -Message "Granting TeamsUpgradePolicy {$Identity} to all Users with MigrateMeetingsToTeams=$MigrateMeetingsToTeams" Grant-CsTeamsUpgradePolicy -PolicyName $Identity ` - -MigrateMeetingsToTeams:$MigrateMeetingsToTeams ` - -Global + -MigrateMeetingsToTeams:$MigrateMeetingsToTeams ` + -Global } else { @@ -175,8 +175,8 @@ function Set-TargetResource { Write-Verbose -Message "Granting TeamsUpgradePolicy {$Identity} to User {$user} with MigrateMeetingsToTeams=$MigrateMeetingsToTeams" Grant-CsTeamsUpgradePolicy -PolicyName $Identity ` - -Identity $user ` - -MigrateMeetingsToTeams:$MigrateMeetingsToTeams + -Identity $user ` + -MigrateMeetingsToTeams:$MigrateMeetingsToTeams } } } @@ -243,7 +243,7 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove("Users") | Out-Null + $ValuesToCheck.Remove('Users') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserPolicyAssignment/MSFT_TeamsUserPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserPolicyAssignment/MSFT_TeamsUserPolicyAssignment.psm1 index 76c6feb52f..649b7a09f1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserPolicyAssignment/MSFT_TeamsUserPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserPolicyAssignment/MSFT_TeamsUserPolicyAssignment.psm1 @@ -144,133 +144,133 @@ function Get-TargetResource return $null } - $CallingLineIdentityValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'CallingLineIdentity'}).PolicyName + $CallingLineIdentityValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'CallingLineIdentity' }).PolicyName if ([System.String]::IsNullOrEmpty($CallingLineIdentityValue)) { $CallingLineIdentityValue = 'Global' } - $ExternalAccessPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'ExternalAccessPolicy'}).PolicyName + $ExternalAccessPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'ExternalAccessPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($ExternalAccessPolicyValue)) { $ExternalAccessPolicyValue = 'Global' } - $OnlineVoicemailPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'OnlineVoicemailPolicy'}).PolicyName + $OnlineVoicemailPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'OnlineVoicemailPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($OnlineVoicemailPolicyValue)) { $OnlineVoicemailPolicyValue = 'Global' } - $OnlineVoiceRoutingPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'OnlineVoiceRoutingPolicy'}).PolicyName + $OnlineVoiceRoutingPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'OnlineVoiceRoutingPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($OnlineVoiceRoutingPolicyValue)) { $OnlineVoiceRoutingPolicyValue = 'Global' } - $TeamsAppPermissionPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsAppPermissionPolicy'}).PolicyName + $TeamsAppPermissionPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsAppPermissionPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsAppPermissionPolicyValue)) { $TeamsAppPermissionPolicyValue = 'Global' } - $TeamsAppSetupPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsAppSetupPolicy'}).PolicyName + $TeamsAppSetupPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsAppSetupPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsAppSetupPolicyValue)) { $TeamsAppSetupPolicyValue = 'Global' } - $TeamsAudioConferencingPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsAudioConferencingPolicy'}).PolicyName + $TeamsAudioConferencingPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsAudioConferencingPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsAudioConferencingPolicyValue)) { $TeamsAudioConferencingPolicyValue = 'Global' } - $TeamsCallHoldPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsCallHoldPolicy'}).PolicyName + $TeamsCallHoldPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsCallHoldPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsCallHoldPolicyValue)) { $TeamsCallHoldPolicyValue = 'Global' } - $TeamsCallingPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsCallingPolicy'}).PolicyName + $TeamsCallingPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsCallingPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsCallingPolicyValue)) { $TeamsCallingPolicyValue = 'Global' } - $TeamsCallParkPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsCallParkPolicy'}).PolicyName + $TeamsCallParkPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsCallParkPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsCallParkPolicyValue)) { $TeamsCallParkPolicyValue = 'Global' } - $TeamsChannelsPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsChannelsPolicy'}).PolicyName + $TeamsChannelsPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsChannelsPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsChannelsPolicyValue)) { $TeamsChannelsPolicyValue = 'Global' } - $TeamsEmergencyCallingPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsEmergencyCallingPolicy'}).PolicyName + $TeamsEmergencyCallingPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsEmergencyCallingPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsEmergencyCallingPolicyValue)) { $TeamsEmergencyCallingPolicyValue = 'Global' } - $TeamsEmergencyCallRoutingPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsEmergencyCallRoutingPolicy'}).PolicyName + $TeamsEmergencyCallRoutingPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsEmergencyCallRoutingPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsEmergencyCallRoutingPolicyValue)) { $TeamsEmergencyCallRoutingPolicyValue = 'Global' } - $TeamsEnhancedEncryptionPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsEnhancedEncryptionPolicy'}).PolicyName + $TeamsEnhancedEncryptionPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsEnhancedEncryptionPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsEnhancedEncryptionPolicyValue)) { $TeamsEnhancedEncryptionPolicyValue = 'Global' } - $TeamsEventsPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsEventsPolicy'}).PolicyName + $TeamsEventsPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsEventsPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsEventsPolicyValue)) { $TeamsEventsPolicyValue = 'Global' } - $TeamsMeetingBroadcastPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsMeetingBroadcastPolicy'}).PolicyName + $TeamsMeetingBroadcastPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsMeetingBroadcastPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsMeetingBroadcastPolicyValue)) { $TeamsMeetingBroadcastPolicyValue = 'Global' } - $TeamsMeetingPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsMeetingPolicy'}).PolicyName + $TeamsMeetingPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsMeetingPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsMeetingPolicyValue)) { $TeamsMeetingPolicyValue = 'Global' } - $TeamsMessagingPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsMessagingPolicy'}).PolicyName + $TeamsMessagingPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsMessagingPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsMessagingPolicyValue)) { $TeamsMessagingPolicyValue = 'Global' } - $TeamsMobilityPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsMobilityPolicy'}).PolicyName + $TeamsMobilityPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsMobilityPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsMobilityPolicyValue)) { $TeamsMobilityPolicyValue = 'Global' } - $TeamsUpdateManagementPolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsUpdateManagementPolicy'}).PolicyName + $TeamsUpdateManagementPolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsUpdateManagementPolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsUpdateManagementPolicyValue)) { $TeamsUpdateManagementPolicyValue = 'Global' } - $TeamsUpgradePolicyValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TeamsUpgradePolicy'}).PolicyName + $TeamsUpgradePolicyValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TeamsUpgradePolicy' }).PolicyName if ([System.String]::IsNullOrEmpty($TeamsUpgradePolicyValue)) { $TeamsUpgradePolicyValue = 'Global' } - $TenantDialPlanValue = ($assignment | Where-Object -FilterScript {$_.PolicyType -eq 'TenantDialPlan'}).PolicyName + $TenantDialPlanValue = ($assignment | Where-Object -FilterScript { $_.PolicyType -eq 'TenantDialPlan' }).PolicyName if ([System.String]::IsNullOrEmpty($TenantDialPlanValue)) { $TenantDialPlanValue = 'Global' diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXODataEncryptionPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXODataEncryptionPolicy/1-Create.ps1 similarity index 84% rename from Modules/Microsoft365DSC/Examples/Resources/EXODataEncryptionPolicy/3-Remove.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/EXODataEncryptionPolicy/1-Create.ps1 index a3e4563a8d..f3658842c0 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXODataEncryptionPolicy/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXODataEncryptionPolicy/1-Create.ps1 @@ -24,8 +24,9 @@ Configuration Example { EXODataEncryptionPolicy 'ConfigureDataEncryptionPolicy' { - Identity = 'US Mailboxes' - Ensure = "Absent" + Identity = 'US Mailboxes' + Enabled = $true + Ensure = "Present" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/Modules/Microsoft365DSC/Examples/Resources/ResourceName/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXODataEncryptionPolicy/2-Update.ps1 similarity index 56% rename from Modules/Microsoft365DSC/Examples/Resources/ResourceName/2-Update.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/EXODataEncryptionPolicy/2-Update.ps1 index b516274848..9405822b23 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/ResourceName/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXODataEncryptionPolicy/2-Update.ps1 @@ -19,8 +19,17 @@ Configuration Example $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC + node localhost { - + EXODataEncryptionPolicy 'ConfigureDataEncryptionPolicy' + { + Identity = 'US Mailboxes' + Enabled = $false #Drift + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOTeamsProtectionPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOTeamsProtectionPolicy/2-Update.ps1 new file mode 100644 index 0000000000..cf5c6abffa --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOTeamsProtectionPolicy/2-Update.ps1 @@ -0,0 +1,39 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOTeamsProtectionPolicy 'EXOTeamsProtectionPolicy' + { + IsSingleInstance = 'Yes' + AdminDisplayName = 'Contoso Administrator' + HighConfidencePhishQuarantineTag = 'DefaultFullAccessPolicy' + MalwareQuarantineTag = 'AdminOnlyAccessPolicy' + ZapEnabled = $true + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/1-Create.ps1 new file mode 100644 index 0000000000..9e6411137f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/1-Create.ps1 @@ -0,0 +1,36 @@ +<# +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Device Owner/Administrator devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidDeviceOwner "ConfigureIntuneTrustedRootCertificateAndroidDeviceOwner" + { + Description = "IntuneTrustedRootCertificateAndroidDeviceOwner Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + certFileName = "fakename.cer"; + trustedRootCertificate = "insertValidBase64StringHere"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/2-Update.ps1 new file mode 100644 index 0000000000..36395dc1ac --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/2-Update.ps1 @@ -0,0 +1,36 @@ +<# +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Device Owner/Administrator devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidDeviceOwner "ConfigureIntuneTrustedRootCertificateAndroidDeviceOwner" + { + Description = "IntuneTrustedRootCertificateAndroidDeviceOwner Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + certFileName = "newfakename.cer"; #changed value + trustedRootCertificate = "insertValidBase64StringHereForAnotherCert" #changed value + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/3-Remove.ps1 new file mode 100644 index 0000000000..a5cf33d766 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidDeviceOwner/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Device Owner/Administrator devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidDeviceOwner "ConfigureIntuneTrustedRootCertificateAndroidDeviceOwner" + { + Description = "IntuneTrustedRootCertificateAndroidDeviceOwner Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidDeviceOwner DisplayName"; + Ensure = "Absent"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/1-Create.ps1 new file mode 100644 index 0000000000..f57c69cacd --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/1-Create.ps1 @@ -0,0 +1,36 @@ +<# +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Enterprise devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidEnterprise "ConfigureIntuneTrustedRootCertificateAndroidEnterprise" + { + Description = "IntuneTrustedRootCertificateAndroidEnterprise Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidEnterprise DisplayName"; + Ensure = "Present"; + certFileName = "fakename.cer"; + trustedRootCertificate = "insertValidBase64StringHere"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/2-Update.ps1 new file mode 100644 index 0000000000..666de2cd47 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/2-Update.ps1 @@ -0,0 +1,36 @@ +<# +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Enterprise devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidEnterprise "ConfigureIntuneTrustedRootCertificateAndroidEnterprise" + { + Description = "IntuneTrustedRootCertificateAndroidEnterprise Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidEnterprise DisplayName"; + Ensure = "Present"; + certFileName = "newfakename.cer"; #changed value + trustedRootCertificate = "insertValidBase64StringHereForAnotherCert" #changed value + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/3-Remove.ps1 new file mode 100644 index 0000000000..8d201f5e13 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateAndroidEnterprise/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Enterprise devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidEnterprise "ConfigureIntuneTrustedRootCertificateAndroidEnterprise" + { + Description = "IntuneTrustedRootCertificateAndroidEnterprise Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidEnterprise DisplayName"; + Ensure = "Absent"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateIOS/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateIOS/1-Create.ps1 new file mode 100644 index 0000000000..0d5793e31b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateIOS/1-Create.ps1 @@ -0,0 +1,36 @@ +<# +This example creates a new Intune Trusted Root Certificate Configuration Policy for iOs devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateIOS "ConfigureIntuneTrustedRootCertificateIOS" + { + Description = "IntuneTrustedRootCertificateIOS Description"; + DisplayName = "IntuneTrustedRootCertificateIOS DisplayName"; + Ensure = "Present"; + certFileName = "fakename.cer"; + trustedRootCertificate = "insertValidBase64StringHere"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateIOS/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateIOS/2-Update.ps1 new file mode 100644 index 0000000000..5b7d82754c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateIOS/2-Update.ps1 @@ -0,0 +1,36 @@ +<# +This example creates a new Intune Trusted Root Certificate Configuration Policy for iOs devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateIOS "ConfigureIntuneTrustedRootCertificateIOS" + { + Description = "IntuneTrustedRootCertificateIOS Description"; + DisplayName = "IntuneTrustedRootCertificateIOS DisplayName"; + Ensure = "Present"; + certFileName = "newfakename.cer"; #changed value + trustedRootCertificate = "insertValidBase64StringHereForAnotherCert" #changed value + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateIOS/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateIOS/3-Remove.ps1 new file mode 100644 index 0000000000..e07696e70f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneTrustedRootCertificateIOS/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example creates a new Intune Trusted Root Certificate Configuration Policy for iOs devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateIOS "ConfigureIntuneTrustedRootCertificateIOS" + { + Description = "IntuneTrustedRootCertificateIOS Description"; + DisplayName = "IntuneTrustedRootCertificateIOS DisplayName"; + Ensure = "Absent"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyIOS/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyIOS/1-Create.ps1 new file mode 100644 index 0000000000..35833e1e40 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyIOS/1-Create.ps1 @@ -0,0 +1,61 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyIOS "IntuneVPNConfigurationPolicyIOS-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + associatedDomains = @(); + authenticationMethod = "usernameAndPassword"; + connectionName = "IntuneVPNConfigurationPolicyIOS-ConnectionName"; + connectionType = "ciscoAnyConnectV2"; + Description = "IntuneVPNConfigurationPolicyIOS-Example Description"; + DisplayName = "IntuneVPNConfigurationPolicyIOS-Example"; + enableSplitTunneling = $False; + Ensure = "Present"; + excludedDomains = @(); + excludeList = @(); + Id = "ec5432ff-d536-40cb-ba0a-e16260b01382"; + optInToDeviceIdSharing = $True; + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ); + safariDomains = @(); + server = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ); + targetedMobileApps = @(); + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyIOS/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyIOS/2-Update.ps1 new file mode 100644 index 0000000000..ab3b442e41 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyIOS/2-Update.ps1 @@ -0,0 +1,61 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyIOS "IntuneVPNConfigurationPolicyIOS-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + associatedDomains = @(); + authenticationMethod = "usernameAndPassword"; + connectionName = "IntuneVPNConfigurationPolicyIOS-ConnectionName"; + connectionType = "ciscoAnyConnectV2"; + Description = "IntuneVPNConfigurationPolicyIOS-Example Description"; + DisplayName = "IntuneVPNConfigurationPolicyIOS-Example"; + enableSplitTunneling = $False; + Ensure = "Present"; + excludedDomains = @(); + excludeList = @(); + Id = "ec5432ff-d536-40cb-ba0a-e16260b01382"; + optInToDeviceIdSharing = $True; + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ); + safariDomains = @(); + server = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'server' + address = 'vpn.newAddress.com' #updated VPN address + } + ); + targetedMobileApps = @(); + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/ResourceName/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyIOS/3-Remove.ps1 similarity index 55% rename from Modules/Microsoft365DSC/Examples/Resources/ResourceName/3-Remove.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyIOS/3-Remove.ps1 index b516274848..fcf4e603b5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/ResourceName/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyIOS/3-Remove.ps1 @@ -19,8 +19,16 @@ Configuration Example $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC + node localhost { - + IntuneVPNConfigurationPolicyIOS "IntuneVPNConfigurationPolicyIOS-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + DisplayName = "IntuneVPNConfigurationPolicyIOS-Example"; + Ensure = "Absent"; + } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/ResourceName/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/ResourceName/1-Create.ps1 deleted file mode 100644 index b516274848..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/ResourceName/1-Create.ps1 +++ /dev/null @@ -1,26 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - Import-DscResource -ModuleName Microsoft365DSC - node localhost - { - - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCCaseHoldPolicy/1-AddingNewCaseHoldPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCCaseHoldPolicy/1-AddingNewCaseHoldPolicy.ps1 index 62fd2b4ce1..f7be800862 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/SCCaseHoldPolicy/1-AddingNewCaseHoldPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/SCCaseHoldPolicy/1-AddingNewCaseHoldPolicy.ps1 @@ -5,10 +5,19 @@ It is not meant to use as a production baseline. Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC @@ -16,14 +25,16 @@ Configuration Example { SCCaseHoldPolicy 'CaseHoldPolicy' { - Case = "Test Case" - ExchangeLocation = "DemoGroup@contoso.onmicrosoft.com" - Name = "Demo Hold" - PublicFolderLocation = "All" - Comment = "This is a demo" - Enabled = $True - Ensure = "Present" - Credential = $Credscredential + Case = 'Test Case' + ExchangeLocation = 'DemoGroup@contoso.onmicrosoft.com' + Name = 'Demo Hold' + PublicFolderLocation = 'All' + Comment = 'This is a demo' + Enabled = $True + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCSupervisoryReviewRule/1-AddingNewSupervisoryReviewRule.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCSupervisoryReviewRule/1-AddingNewSupervisoryReviewRule.ps1 index dfa50fdd60..3cf4a2fe32 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/SCSupervisoryReviewRule/1-AddingNewSupervisoryReviewRule.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/SCSupervisoryReviewRule/1-AddingNewSupervisoryReviewRule.ps1 @@ -5,23 +5,35 @@ It is not meant to use as a production baseline. Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) + Import-DscResource -ModuleName Microsoft365DSC Node localhost { SCSupervisoryReviewRule 'SupervisoryReviewRule' { - Name = "DemoRule" - Condition = "(NOT(Reviewee:US Compliance))" - SamplingRate = 100 - Policy = 'TestPolicy' - Ensure = "Present" - Credential = $Credscredential + Name = 'DemoRule' + Condition = '(NOT(Reviewee:US Compliance))' + SamplingRate = 100 + Policy = 'TestPolicy' + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCUnifiedAuditLogRetentionPolicy/1-CreateNewUnifiedAuditLogRetentionPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCUnifiedAuditLogRetentionPolicy/1-CreateNewUnifiedAuditLogRetentionPolicy.ps1 index ead7b6c305..0837897aae 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/SCUnifiedAuditLogRetentionPolicy/1-CreateNewUnifiedAuditLogRetentionPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/SCUnifiedAuditLogRetentionPolicy/1-CreateNewUnifiedAuditLogRetentionPolicy.ps1 @@ -5,22 +5,35 @@ It is not meant to use as a production baseline. Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credentials + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) + Import-DscResource -ModuleName Microsoft365DSC node localhost { SCUnifiedAuditLogRetentionPolicy 'Example' { - Credential = $Credentials; - Ensure = "Present"; - Name = "Test Policy"; - Priority = 1; - RetentionDuration = "SevenDays"; + Credential = $Credentials + Ensure = 'Present' + Name = 'Test Policy' + Priority = 1 + RetentionDuration = 'SevenDays' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/SPORetentionLabelsSettings/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SPORetentionLabelsSettings/2-Update.ps1 new file mode 100644 index 0000000000..818f37e5d8 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/SPORetentionLabelsSettings/2-Update.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SPORetentionLabelsSettings "SPORetentionLabelsSettings" + { + AdvancedRecordVersioningDisabled = $True; + AllowFilesWithKeepLabelToBeDeletedODB = $false; + AllowFilesWithKeepLabelToBeDeletedSPO = $false; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + IsSingleInstance = "Yes"; + MetadataEditBlockingEnabled = $true; + TenantId = $TenantId; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/TeamsCallHoldPolicy/1-TeamsCallHoldPolicy-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/TeamsCallHoldPolicy/1-TeamsCallHoldPolicy-Example.ps1 index 6af82a7e56..ba3768eab4 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/TeamsCallHoldPolicy/1-TeamsCallHoldPolicy-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/TeamsCallHoldPolicy/1-TeamsCallHoldPolicy-Example.ps1 @@ -5,10 +5,19 @@ It is not meant to use as a production baseline. Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC @@ -16,9 +25,11 @@ Configuration Example { TeamsCallHoldPolicy 'Example' { - Credential = $Credscredential; - Ensure = "Present"; - Identity = "Global"; + Identity = 'Global' + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/TeamsChannel/1-CreateTeamsChannel.ps1 b/Modules/Microsoft365DSC/Examples/Resources/TeamsChannel/1-CreateTeamsChannel.ps1 index f5e7e31644..8bbd2e0b5c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/TeamsChannel/1-CreateTeamsChannel.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/TeamsChannel/1-CreateTeamsChannel.ps1 @@ -5,23 +5,35 @@ It is not meant to use as a production baseline. Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) + Import-DscResource -ModuleName Microsoft365DSC node localhost { TeamsChannel 'ConfigureChannel' { - TeamName = "SuperSecretTeam" - DisplayName = "SP2013 Review teams group" - NewDisplayName = "SP2016 Review teams group" - Description = "SP2016 Code reviews for SPFX" - Ensure = "Present" - Credential = $Credscredential + TeamName = 'SuperSecretTeam' + DisplayName = 'SP2013 Review teams group' + NewDisplayName = 'SP2016 Review teams group' + Description = 'SP2016 Code reviews for SPFX' + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/TeamsChannelsPolicy/1-AddNewChannelsPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/TeamsChannelsPolicy/1-AddNewChannelsPolicy.ps1 index 9f2cb1a24e..a202f4c10e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/TeamsChannelsPolicy/1-AddNewChannelsPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/TeamsChannelsPolicy/1-AddNewChannelsPolicy.ps1 @@ -6,9 +6,17 @@ Configuration Example { param ( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC @@ -26,7 +34,9 @@ Configuration Example AllowSharedChannelCreation = $True AllowUserToParticipateInExternalSharedChannel = $True Ensure = 'Present' - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/TeamsShiftsPolicy/1-TeamsShiftsPolicy-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/TeamsShiftsPolicy/1-TeamsShiftsPolicy-Example.ps1 index 4edfab81b1..79947b0277 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/TeamsShiftsPolicy/1-TeamsShiftsPolicy-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/TeamsShiftsPolicy/1-TeamsShiftsPolicy-Example.ps1 @@ -5,10 +5,19 @@ It is not meant to use as a production baseline. Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC @@ -16,16 +25,18 @@ Configuration Example { TeamsShiftsPolicy 'Example' { - AccessGracePeriodMinutes = 15; - AccessType = "UnrestrictedAccess_TeamsApp"; - Credential = $Credscredential; - EnableScheduleOwnerPermissions = $False; - EnableShiftPresence = $False; - Ensure = "Present"; - Identity = "Global"; - ShiftNoticeFrequency = "Never"; - ShiftNoticeMessageCustom = ""; - ShiftNoticeMessageType = "DefaultMessage"; + Identity = 'Global' + AccessGracePeriodMinutes = 15 + AccessType = 'UnrestrictedAccess_TeamsApp' + EnableScheduleOwnerPermissions = $False + EnableShiftPresence = $False + Ensure = 'Present' + ShiftNoticeFrequency = 'Never' + ShiftNoticeMessageCustom = '' + ShiftNoticeMessageType = 'DefaultMessage' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/TeamsTeam/1-CreateNewTeam.ps1 b/Modules/Microsoft365DSC/Examples/Resources/TeamsTeam/1-CreateNewTeam.ps1 index af538b0418..9d2b9e2096 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/TeamsTeam/1-CreateNewTeam.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/TeamsTeam/1-CreateNewTeam.ps1 @@ -5,21 +5,31 @@ It is not meant to use as a production baseline. Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) + Import-DscResource -ModuleName Microsoft365DSC node localhost { TeamsTeam 'ConfigureTeam' { - DisplayName = "Sample3" - Description = "Sample" - Visibility = "Private" - MailNickName = "DSCTeam2" + DisplayName = 'Sample3' + Description = 'Sample' + Visibility = 'Private' + MailNickName = 'DSCTeam2' AllowUserEditMessages = $false AllowUserDeleteMessages = $false AllowOwnerDeleteMessages = $false @@ -31,13 +41,15 @@ Configuration Example AllowCreateUpdateRemoveTabs = $false AllowCreateUpdateRemoveConnectors = $false AllowGiphy = $True - GiphyContentRating = "strict" + GiphyContentRating = 'strict' AllowStickersAndMemes = $True AllowCustomMemes = $True AllowGuestCreateUpdateChannels = $true AllowGuestDeleteChannels = $true - Ensure = "Present" - Credential = $Credscredential + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 2496854e9d..272d12703e 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-11-27 +# Generated on: 2024-12-04 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.1127.1' + ModuleVersion = '1.24.1204.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -147,59 +147,44 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AAD - * Added ApplicationSecret auth method to multiple resources -* AADFilteringPolicyRule - * Fixed an issue with the export of the Destinations property where - the CIMInstance array object was malformed. -* EXOEOPProtectionPolicyRule + ReleaseNotes = '* All resources + * Applying project default formatting on all files, to improve + reading and troubleshooting. +* AADAccessReviewDefinition + * Added support for #microsoft.graph.accessReviewInactiveUsersQueryScope in odatatype. +* AADActivityBasedTimeoutPolicy * Added support for AccessTokens. -* EXOExternalInOutlook - * Added support for AccessTokens. -* EXOMailContact - * Changed how empty arrays are returned. -* EXOPlace - * Changed how empty arrays are returned. -* EXORecipientPermission - * Added logic to update an existing recipients permissions. +* AADClaimsMappingPolicy + * Fixed policy retrieval + FIXES [#5505](https://github.com/microsoft/Microsoft365DSC/issues/5505) +* AADIdentityAPIConnector + * Changed the export logic to export passwords as credential objects instead of string. +* AADRoleManagementPolicyRule + * Added the logic to handle filters in the Export logic flow. +* EXOAuthenticationPolicyAssignment + * Added $confirm flag to the Set-TargetResource function for PowerShell 7 compatibility. +* EXOClientAccessRule + * Added $confirm flag to the Set-TargetResource function for PowerShell 7 compatibility. +* EXOManagementRoleAssignment + * Changed logic to detect drift. +* EXOServicePrincipal + * Removed ObjectID from the return of the Get-TargetResource method. +* EXOTeamsProtectionPolicy + * Initial release + FIXES [#5296](https://github.com/microsoft/Microsoft365DSC/issues/5296) * EXOTransportRule - * Changed how empty arrays are returned. -* INTUNE - * Add parameter `-All` to Graph requests to fetch all policies on Get. -* IntuneAndroidManagedStoreAppConfiguration + * Fixed conditional logic for creation and update. +* IntuneTrustedRootCertificateIOS + * Initial release +* IntuneVPNConfigurationPolicyIOS * Initial release. -* IntuneAppConfigurationPolicy - * Fixes an issue where assignment was not properly set if the - groupId was null. - FIXES [#5430](https://github.com/microsoft/Microsoft365DSC/issues/5430) -* IntuneMobileAppConfigurationPolicyIOS - * Removing resource. Already possible with IntuneAppConfigurationDevicePolicy -* IntuneMobileThreatDefenseConnector - * Fixes a NotFound error when the resource does not exist and remove - `LastHeartbeatDateTime` from comparison. -* IntuneRoleAssignment - * Improve verbose output and fix copy-pasted variables. -* IntuneRoleScopeTag +* M365DSCRuleEvaluation + * Only attempt to pass AccessTokens if specified. +* SPORetentionLabelsSettings * Initial release. -* TeamsUserPolicyAssignment - * Added support for the Global policies. -* TeamsUpgradePolicy - * DEPRECATED: Users properties. Use the TeamsUserPolicyAssignment resource - instead. -* M365DSCUtil - * Add default Ensure value `Present` if not specified. - FIXES [#5085](https://github.com/microsoft/Microsoft365DSC/issues/5085) - * When exporting generate the instance names of resources with their mandatory - keys instead of random GUIDs , this makes exports idempotent again - FIXES [#5469](https://github.com/microsoft/Microsoft365DSC/issues/5469) * MISC - * Removed hardcoded Graph urls and replaced by MSCloudLoginAssistant values. - * Add separate module handling for PowerShell Core. -* DEPENDENCIES - * Updated DSCParser to version 2.0.0.14. - * Updated Microsoft.Graph to version 2.25.0. - * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.200. - * Updated MicrosoftTeams to version 6.7.0.' + * M365DSCDRGUtil + * Add separate check for strings with ordinal comparison and standardized line breaks.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 22f7ae49f8..d7b2a9be5a 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -608,7 +608,7 @@ function Compare-M365DSCComplexObject { if ($Source.Length -ne $Target.Length) { - Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($Source.Length)} Target {$($Target.Length)}" + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($Source.Length)}, Target {$($Target.Length)}" return $false } if ($Source.Length -eq 0) @@ -627,7 +627,9 @@ function Compare-M365DSCComplexObject if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - Intune Policy Assignment: $key Source {$Source} Target {$Target}" + Write-Verbose -Message "Configuration drift - Intune Policy Assignment: $key" + Write-Verbose -Message "Source {$Source}" + Write-Verbose -Message "Target {$Target}" return $false } @@ -724,7 +726,9 @@ function Compare-M365DSCComplexObject $targetValue = 'null' } - Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + Write-Verbose -Message "Configuration drift - key: $key" + Write-Verbose -Message "Source {$sourceValue}" + Write-Verbose -Message "Target {$targetValue}" return $false } @@ -753,7 +757,9 @@ function Compare-M365DSCComplexObject if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + Write-Verbose -Message "Configuration drift - complex object key: $key" + Write-Verbose -Message "Source {$sourceValue}" + Write-Verbose -Message "Target {$targetValue}" return $false } } @@ -774,6 +780,26 @@ function Compare-M365DSCComplexObject $compareResult = $null } } + elseif ($targetType -eq 'String') + { + # Align line breaks + if (-not [System.String]::IsNullOrEmpty($referenceObject)) + { + $referenceObject = $referenceObject.Replace("`r`n", "`n") + } + + if (-not [System.String]::IsNullOrEmpty($differenceObject)) + { + $differenceObject = $differenceObject.Replace("`r`n", "`n") + } + + $compareResult = $true + $ordinalComparison = [System.String]::Equals($referenceObject, $differenceObject, [System.StringComparison]::Ordinal) + if ($ordinalComparison) + { + $compareResult = $null + } + } else { $compareResult = Compare-Object ` @@ -783,7 +809,9 @@ function Compare-M365DSCComplexObject if ($null -ne $compareResult) { - Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + Write-Verbose -Message "Configuration drift - simple object key: $key" + Write-Verbose -Message "Source {$sourceValue}" + Write-Verbose -Message "Target {$targetValue}" return $false } } @@ -2321,7 +2349,15 @@ function Export-IntuneSettingCatalogPolicySettings { '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' { - $settingValue = if ($IsRoot) { $SettingInstance.AdditionalProperties.simpleSettingValue.value } else { $SettingInstance.simpleSettingValue.value } + $simpleSetting = if ($IsRoot) { $SettingInstance.AdditionalProperties.simpleSettingValue } else { $SettingInstance.simpleSettingValue } + if ($simpleSetting.'@odata.type' -eq '#microsoft.graph.deviceManagementConfigurationIntegerSettingValue') + { + $settingValue = [int]$simpleSetting.value + } + else + { + $settingValue = $simpleSetting.value + } } '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' { @@ -2411,16 +2447,30 @@ function Export-IntuneSettingCatalogPolicySettings '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' { $values = @() - $childValues = if ($IsRoot) { $SettingInstance.AdditionalProperties.simpleSettingCollectionValue.value } else { $SettingInstance.simpleSettingCollectionValue.value } + $childValues = if ($IsRoot) { $SettingInstance.AdditionalProperties.simpleSettingCollectionValue } else { $SettingInstance.simpleSettingCollectionValue } foreach ($value in $childValues) { - $values += $value + if ($value.'@odata.type' -eq '#microsoft.graph.deviceManagementConfigurationIntegerSettingValue') + { + $values += [int]$value.value + } + else + { + $values += $value.value + } } $settingValue = $values } Default { - $settingValue = $SettingInstance.value + if ($SettingInstance.'@odata.type' -eq '#microsoft.graph.deviceManagementConfigurationIntegerSettingValue') + { + $settingValue += [int]$SettingInstance.value + } + else + { + $settingValue = $SettingInstance.value + } } } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 index ca1d20dd85..f181ac8ce2 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 @@ -1279,7 +1279,7 @@ Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions @(@{Api='SharePoint';PermissionName='Sites.FullControl.All'},@{Api='Graph';PermissionName='Group.ReadWrite.All'},@{Api='Exchange';PermissionName='Exchange.ManageAsApp'}) -AdminConsent -Credential $creds -Type Certificate -CertificatePath c:\Temp\M365DSC.cer .EXAMPLE -Update-M365DSCAzureAdApplication -ApplicationName $Microsoft365DSC -Permissions $(Get-M365DSCCompiledPermissionList -ResourceNameList Get-M365DSCAllResources -PermissionType Application -AccessType Read) -Type Certificate -CreateSelfSignedCertificate -AdminConsent -MonthsValid 12 -Credential $creds -CertificatePath c:\Temp\M365DSC.cer +Update-M365DSCAzureAdApplication -ApplicationName $Microsoft365DSC -Permissions $(Get-M365DSCCompiledPermissionList -ResourceNameList (Get-M365DSCAllResources) -PermissionType Application -AccessType Read) -Type Certificate -CreateSelfSignedCertificate -AdminConsent -MonthsValid 12 -Credential $creds -CertificatePath c:\Temp\M365DSC.cer .Functionality diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 70221eb111..e6f62bf958 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -628,6 +628,7 @@ function Test-M365DSCParameterState [System.Collections.Hashtable] $IncludedDrifts ) + $VerbosePreference = 'SilentlyContinue' #region Telemetry $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new() @@ -842,6 +843,14 @@ function Test-M365DSCParameterState -and [string]::IsNullOrEmpty($DesiredValues.$fieldName)) { } + # Align line breaks + elseif (-not [string]::IsNullOrEmpty($CurrentValues.$fieldName) ` + -and -not [string]::IsNullOrEmpty($DesiredValues.$fieldName) ` + -and [string]::Equals($CurrentValues.$fieldName.Replace("`r`n", "`n"), ` + $DesiredValues.$fieldName.Replace("`r`n", "`n"), ` + [System.StringComparison]::Ordinal)) + { + } else { Write-Verbose -Message ('String value for property ' + ` diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index a4aa29744e..eb7af2d696 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -446,6 +446,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -22255,6 +22260,76 @@ } ] }, + { + "ClassName": "MSFT_EXOTeamsProtectionPolicy", + "Parameters": [ + { + "CIMType": "String", + "Name": "IsSingleInstance", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "AdminDisplayName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "HighConfidencePhishQuarantineTag", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MalwareQuarantineTag", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ZapEnabled", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOTenantAllowBlockListItems", "Parameters": [ @@ -47191,7 +47266,7 @@ ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator", + "ClassName": "MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner", "Parameters": [ { "CIMType": "String", @@ -47208,34 +47283,14 @@ "Name": "Description", "Option": "Write" }, - { - "CIMType": "Boolean", - "Name": "ConnectAutomatically", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "NetworkName", - "Option": "Write" - }, { "CIMType": "String", - "Name": "Ssid", + "Name": "certFileName", "Option": "Write" }, { "CIMType": "String", - "Name": "WiFiSecurityType", - "Option": "Write" - }, - { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "Name": "trustedRootCertificate", "Option": "Write" }, { @@ -47243,131 +47298,11 @@ "Name": "Ensure", "Option": "Write" }, - { - "CIMType": "MSFT_Credential", - "Name": "Credential", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "ApplicationId", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "TenantId", - "Option": "Write" - }, - { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ManagedIdentity", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "AccessTokens", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner", - "Parameters": [ - { - "CIMType": "String", - "Name": "Id", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" - }, - { - "CIMType": "String", - "Name": "Description", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ConnectAutomatically", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "NetworkName", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "PreSharedKey", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "PreSharedKeyIsSet", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "ProxyAutomaticConfigurationUrl", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "ProxyExclusionList", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "ProxyManualAddress", - "Option": "Write" - }, - { - "CIMType": "UInt32", - "Name": "ProxyManualPort", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "ProxySettings", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "Ssid", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "WiFiSecurityType", - "Option": "Write" - }, { "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", "Name": "Assignments", "Option": "Write" }, - { - "CIMType": "string", - "Name": "Ensure", - "Option": "Write" - }, { "CIMType": "MSFT_Credential", "Name": "Credential", @@ -47406,7 +47341,7 @@ ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile", + "ClassName": "MSFT_IntuneTrustedRootCertificateAndroidEnterprise", "Parameters": [ { "CIMType": "String", @@ -47423,29 +47358,19 @@ "Name": "Description", "Option": "Write" }, - { - "CIMType": "Boolean", - "Name": "ConnectAutomatically", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", - "Option": "Write" - }, { "CIMType": "String", - "Name": "NetworkName", + "Name": "certFileName", "Option": "Write" }, { "CIMType": "String", - "Name": "Ssid", + "Name": "trustedRootCertificate", "Option": "Write" }, { - "CIMType": "String", - "Name": "WiFiSecurityType", + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { @@ -47453,11 +47378,6 @@ "Name": "Assignments", "Option": "Write" }, - { - "CIMType": "string", - "Name": "Ensure", - "Option": "Write" - }, { "CIMType": "MSFT_Credential", "Name": "Credential", @@ -47496,7 +47416,7 @@ ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidForWork", + "ClassName": "MSFT_IntuneTrustedRootCertificateIOS", "Parameters": [ { "CIMType": "String", @@ -47513,29 +47433,19 @@ "Name": "Description", "Option": "Write" }, - { - "CIMType": "Boolean", - "Name": "ConnectAutomatically", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", - "Option": "Write" - }, { "CIMType": "String", - "Name": "NetworkName", + "Name": "certFileName", "Option": "Write" }, { "CIMType": "String", - "Name": "Ssid", + "Name": "trustedRootCertificate", "Option": "Write" }, { - "CIMType": "String", - "Name": "WiFiSecurityType", + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { @@ -47543,11 +47453,6 @@ "Name": "Assignments", "Option": "Write" }, - { - "CIMType": "string", - "Name": "Ensure", - "Option": "Write" - }, { "CIMType": "MSFT_Credential", "Name": "Credential", @@ -47586,107 +47491,132 @@ ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject", + "ClassName": "MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule", "Parameters": [ { - "CIMType": "String", - "Name": "Id", + "CIMType": "String[]", + "Name": "ssids", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "dnsSearchDomains", "Option": "Write" }, { "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" + "Name": "probeUrl", + "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "action", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ConnectAutomatically", + "CIMType": "String", + "Name": "domainAction", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", + "CIMType": "String[]", + "Name": "domains", "Option": "Write" }, { "CIMType": "String", - "Name": "NetworkName", + "Name": "probeRequiredUrl", "Option": "Write" }, { "CIMType": "String", - "Name": "PreSharedKey", + "Name": "interfaceTypeMatch", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "PreSharedKeyIsSet", + "CIMType": "String[]", + "Name": "dnsServerAddressMatch", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_MicrosoftvpnProxyServer", + "Parameters": [ { "CIMType": "String", - "Name": "Ssid", + "Name": "automaticConfigurationScriptUrl", "Option": "Write" }, { "CIMType": "String", - "Name": "WiFiSecurityType", + "Name": "address", "Option": "Write" }, { - "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", - "Name": "Assignments", + "CIMType": "uint32", + "Name": "port", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_targetedMobileApps", + "Parameters": [ { - "CIMType": "string", - "Name": "Ensure", + "CIMType": "String", + "Name": "name", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String", + "Name": "publisher", "Option": "Write" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "appStoreUrl", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "appId", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_CustomData", + "Parameters": [ { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "String", + "Name": "key", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", + "Name": "value", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_customKeyValueData", + "Parameters": [ { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "CIMType": "String", + "Name": "name", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "String", + "Name": "value", "Option": "Write" } ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyIOS", + "ClassName": "MSFT_IntuneVPNConfigurationPolicyIOS", "Parameters": [ { "CIMType": "String", @@ -47704,58 +47634,78 @@ "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ConnectAutomatically", + "CIMType": "String", + "Name": "connectionName", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", + "CIMType": "String", + "Name": "connectionType", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "DisableMacAddressRandomization", + "Name": "enableSplitTunneling", "Option": "Write" }, { "CIMType": "String", - "Name": "NetworkName", + "Name": "authenticationMethod", "Option": "Write" }, { - "CIMType": "String", - "Name": "PreSharedKey", + "CIMType": "String[]", + "Name": "safariDomains", "Option": "Write" }, { - "CIMType": "String", - "Name": "ProxyAutomaticConfigurationUrl", + "CIMType": "String[]", + "Name": "associatedDomains", "Option": "Write" }, { - "CIMType": "String", - "Name": "ProxyManualAddress", + "CIMType": "String[]", + "Name": "excludedDomains", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "ProxyManualPort", + "CIMType": "MSFT_MicrosoftvpnProxyServer[]", + "Name": "proxyServer", "Option": "Write" }, { - "CIMType": "String", - "Name": "ProxySettings", + "CIMType": "Boolean", + "Name": "optInToDeviceIdSharing", "Option": "Write" }, { - "CIMType": "String", - "Name": "Ssid", + "CIMType": "String[]", + "Name": "excludeList", "Option": "Write" }, { - "CIMType": "String", - "Name": "WiFiSecurityType", + "CIMType": "MSFT_MicrosoftGraphvpnServer[]", + "Name": "server", + "Option": "Write" + }, + { + "CIMType": "MSFT_customData[]", + "Name": "customData", + "Option": "Write" + }, + { + "CIMType": "MSFT_customKeyValueData[]", + "Name": "customKeyValueData", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule[]", + "Name": "onDemandRules", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "targetedMobileApps", "Option": "Write" }, { @@ -47802,65 +47752,110 @@ "CIMType": "String[]", "Name": "AccessTokens", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyMacOS", - "Parameters": [ + }, + { + "CIMType": "uint32", + "Name": "version", + "Option": "Write" + }, { "CIMType": "String", - "Name": "Id", + "Name": "loginGroupOrDomain", "Option": "Write" }, { "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" + "Name": "role", + "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "realm", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "identifier", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "ConnectAutomatically", + "Name": "enablePerApp", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "providerType", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "ConnectWhenNetworkNameIsHidden", + "Name": "disableOnDemandUserOverride", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "disconnectOnIdle", + "Option": "Write" + }, + { + "CIMType": "uint32", + "Name": "disconnectOnIdleTimerInSeconds", "Option": "Write" }, { "CIMType": "String", - "Name": "NetworkName", + "Name": "microsoftTunnelSiteId", "Option": "Write" }, { "CIMType": "String", - "Name": "PreSharedKey", + "Name": "cloudName", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "strictEnforcement", "Option": "Write" }, { "CIMType": "String", - "Name": "ProxyAutomaticConfigurationUrl", + "Name": "userDomain", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator", + "Parameters": [ + { + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { "CIMType": "String", - "Name": "ProxyManualAddress", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "ProxyManualPort", + "CIMType": "Boolean", + "Name": "ConnectAutomatically", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConnectWhenNetworkNameIsHidden", "Option": "Write" }, { "CIMType": "String", - "Name": "ProxySettings", + "Name": "NetworkName", "Option": "Write" }, { @@ -47921,7 +47916,7 @@ ] }, { - "ClassName": "MSFT_IntuneWifiConfigurationPolicyWindows10", + "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner", "Parameters": [ { "CIMType": "String", @@ -47943,39 +47938,34 @@ "Name": "ConnectAutomatically", "Option": "Write" }, - { - "CIMType": "Boolean", - "Name": "ConnectToPreferredNetwork", - "Option": "Write" - }, { "CIMType": "Boolean", "Name": "ConnectWhenNetworkNameIsHidden", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ForceFIPSCompliance", + "CIMType": "String", + "Name": "NetworkName", "Option": "Write" }, { "CIMType": "String", - "Name": "MeteredConnectionLimit", + "Name": "PreSharedKey", "Option": "Write" }, { - "CIMType": "String", - "Name": "NetworkName", + "CIMType": "Boolean", + "Name": "PreSharedKeyIsSet", "Option": "Write" }, { "CIMType": "String", - "Name": "PreSharedKey", + "Name": "ProxyAutomaticConfigurationUrl", "Option": "Write" }, { "CIMType": "String", - "Name": "ProxyAutomaticConfigurationUrl", + "Name": "ProxyExclusionList", "Option": "Write" }, { @@ -47990,7 +47980,7 @@ }, { "CIMType": "String", - "Name": "ProxySetting", + "Name": "ProxySettings", "Option": "Write" }, { @@ -48000,7 +47990,7 @@ }, { "CIMType": "String", - "Name": "WifiSecurityType", + "Name": "WiFiSecurityType", "Option": "Write" }, { @@ -48051,101 +48041,101 @@ ] }, { - "ClassName": "MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings", + "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile", "Parameters": [ { - "CIMType": "Boolean", - "Name": "AllowDeviceUseBeforeProfileAndAppInstallComplete", + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "AllowDeviceUseOnInstallFailure", + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "AllowLogCollectionOnInstallFailure", + "Name": "ConnectAutomatically", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "BlockDeviceSetupRetryByUser", + "Name": "ConnectWhenNetworkNameIsHidden", "Option": "Write" }, { "CIMType": "String", - "Name": "CustomErrorMessage", + "Name": "NetworkName", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HideInstallationProgress", + "CIMType": "String", + "Name": "Ssid", "Option": "Write" }, - { - "CIMType": "UInt32", - "Name": "InstallProgressTimeoutInMinutes", - "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_MicrosoftGraphOutOfBoxExperienceSettings", - "Parameters": [ { "CIMType": "String", - "Name": "DeviceUsageType", + "Name": "WiFiSecurityType", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HideEscapeLink", + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HideEULA", + "CIMType": "string", + "Name": "Ensure", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "HidePrivacySettings", + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "SkipKeyboardSelectionPage", + "CIMType": "String", + "Name": "ApplicationId", "Option": "Write" }, { "CIMType": "String", - "Name": "UserType", + "Name": "TenantId", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined", - "Parameters": [ + }, { - "CIMType": "Boolean", - "Name": "HybridAzureADJoinSkipConnectivityCheck", + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "CertificateThumbprint", "Option": "Write" }, { - "CIMType": "String", - "Name": "DeviceNameTemplate", + "CIMType": "Boolean", + "Name": "ManagedIdentity", "Option": "Write" }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidForWork", + "Parameters": [ { "CIMType": "String", - "Name": "DeviceType", + "Name": "Id", "Option": "Write" }, { @@ -48154,38 +48144,683 @@ "Option": "Key" }, { - "CIMType": "Boolean", - "Name": "EnableWhiteGlove", + "CIMType": "String", + "Name": "Description", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings", - "Name": "EnrollmentStatusScreenSettings", + "CIMType": "Boolean", + "Name": "ConnectAutomatically", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "ExtractHardwareHash", + "Name": "ConnectWhenNetworkNameIsHidden", "Option": "Write" }, { "CIMType": "String", - "Name": "Language", + "Name": "NetworkName", "Option": "Write" }, { "CIMType": "String", - "Name": "ManagementServiceAppId", - "Option": "Write" - }, - { - "CIMType": "MSFT_MicrosoftGraphoutOfBoxExperienceSettings", - "Name": "OutOfBoxExperienceSettings", + "Name": "Ssid", "Option": "Write" }, { "CIMType": "String", - "Name": "Id", + "Name": "WiFiSecurityType", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject", + "Parameters": [ + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConnectAutomatically", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConnectWhenNetworkNameIsHidden", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NetworkName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PreSharedKey", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "PreSharedKeyIsSet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ssid", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WiFiSecurityType", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWifiConfigurationPolicyIOS", + "Parameters": [ + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConnectAutomatically", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConnectWhenNetworkNameIsHidden", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "DisableMacAddressRandomization", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NetworkName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PreSharedKey", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ProxyAutomaticConfigurationUrl", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ProxyManualAddress", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "ProxyManualPort", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ProxySettings", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ssid", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WiFiSecurityType", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWifiConfigurationPolicyMacOS", + "Parameters": [ + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConnectAutomatically", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConnectWhenNetworkNameIsHidden", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NetworkName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PreSharedKey", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ProxyAutomaticConfigurationUrl", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ProxyManualAddress", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "ProxyManualPort", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ProxySettings", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ssid", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WiFiSecurityType", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWifiConfigurationPolicyWindows10", + "Parameters": [ + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConnectAutomatically", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConnectToPreferredNetwork", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ConnectWhenNetworkNameIsHidden", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ForceFIPSCompliance", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MeteredConnectionLimit", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NetworkName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PreSharedKey", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ProxyAutomaticConfigurationUrl", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ProxyManualAddress", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "ProxyManualPort", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ProxySetting", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ssid", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WifiSecurityType", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings", + "Parameters": [ + { + "CIMType": "Boolean", + "Name": "AllowDeviceUseBeforeProfileAndAppInstallComplete", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowDeviceUseOnInstallFailure", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowLogCollectionOnInstallFailure", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "BlockDeviceSetupRetryByUser", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CustomErrorMessage", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "HideInstallationProgress", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "InstallProgressTimeoutInMinutes", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphOutOfBoxExperienceSettings", + "Parameters": [ + { + "CIMType": "String", + "Name": "DeviceUsageType", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "HideEscapeLink", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "HideEULA", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "HidePrivacySettings", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "SkipKeyboardSelectionPage", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "UserType", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined", + "Parameters": [ + { + "CIMType": "Boolean", + "Name": "HybridAzureADJoinSkipConnectivityCheck", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceNameTemplate", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceType", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "Boolean", + "Name": "EnableWhiteGlove", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings", + "Name": "EnrollmentStatusScreenSettings", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ExtractHardwareHash", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Language", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ManagementServiceAppId", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphoutOfBoxExperienceSettings", + "Name": "OutOfBoxExperienceSettings", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { @@ -57805,6 +58440,66 @@ } ] }, + { + "ClassName": "MSFT_SPORetentionLabelsSettings", + "Parameters": [ + { + "CIMType": "String", + "Name": "IsSingleInstance", + "Option": "Key" + }, + { + "CIMType": "Boolean", + "Name": "AllowFilesWithKeepLabelToBeDeletedODB", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowFilesWithKeepLabelToBeDeletedSPO", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AdvancedRecordVersioningDisabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "MetadataEditBlockingEnabled", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_SPOSearchManagedProperty", "Parameters": [ diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 index 77a1ddefe0..10fc67918e 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 @@ -288,6 +288,15 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } + EXODataEncryptionPolicy 'ConfigureDataEncryptionPolicy' + { + Identity = 'US Mailboxes' + Enabled = $true + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } EXODistributionGroup 'DemoDG' { Alias = "demodg"; diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 index d25fc939b0..131a783607 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 @@ -259,14 +259,6 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } - EXODataEncryptionPolicy 'ConfigureDataEncryptionPolicy' - { - Identity = 'US Mailboxes' - Ensure = "Absent" - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - } EXODistributionGroup 'DemoDG' { DisplayName = "My Demo DG"; diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 index 00f12f5038..d8e59a89cc 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 @@ -444,6 +444,15 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + EXODataEncryptionPolicy 'ConfigureDataEncryptionPolicy' + { + Identity = 'US Mailboxes' + Enabled = $false #Drift + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } EXODistributionGroup 'DemoDG' { Alias = "demodg"; @@ -1587,6 +1596,17 @@ SourceFolder = "Test2:\Inbox"; TenantId = $TenantId; } + EXOTeamsProtectionPolicy 'EXOTeamsProtectionPolicy' + { + IsSingleInstance = 'Yes' + AdminDisplayName = 'Contoso Administrator' + HighConfidencePhishQuarantineTag = 'DefaultFullAccessPolicy' + MalwareQuarantineTag = 'AdminOnlyAccessPolicy' + ZapEnabled = $true + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } EXOTenantAllowBlockListItems 'Example' { ApplicationId = $ApplicationId; diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index 3b0bafd9f3..b5e98a4478 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -3146,6 +3146,74 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } + IntuneTrustedRootCertificateAndroidDeviceOwner 'ConfigureIntuneTrustedRootCertificateAndroidDeviceOwner' + { + Description = "IntuneTrustedRootCertificateAndroidDeviceOwner Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + certFileName = "fakename.cer"; + trustedRootCertificate = "insertValidBase64StringHere"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + IntuneTrustedRootCertificateAndroidEnterprise 'ConfigureIntuneTrustedRootCertificateAndroidEnterprise' + { + Description = "IntuneTrustedRootCertificateAndroidEnterprise Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidEnterprise DisplayName"; + Ensure = "Present"; + certFileName = "fakename.cer"; + trustedRootCertificate = "insertValidBase64StringHere"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + IntuneTrustedRootCertificateIOS 'ConfigureIntuneTrustedRootCertificateIOS' + { + Description = "IntuneTrustedRootCertificateIOS Description"; + DisplayName = "IntuneTrustedRootCertificateIOS DisplayName"; + Ensure = "Present"; + certFileName = "fakename.cer"; + trustedRootCertificate = "insertValidBase64StringHere"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + IntuneVPNConfigurationPolicyIOS 'IntuneVPNConfigurationPolicyIOS-Example' + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + associatedDomains = @(); + authenticationMethod = "usernameAndPassword"; + connectionName = "IntuneVPNConfigurationPolicyIOS-ConnectionName"; + connectionType = "ciscoAnyConnectV2"; + Description = "IntuneVPNConfigurationPolicyIOS-Example Description"; + DisplayName = "IntuneVPNConfigurationPolicyIOS-Example"; + enableSplitTunneling = $False; + Ensure = "Present"; + excludedDomains = @(); + excludeList = @(); + Id = "ec5432ff-d536-40cb-ba0a-e16260b01382"; + optInToDeviceIdSharing = $True; + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ); + safariDomains = @(); + server = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ); + targetedMobileApps = @(); + } IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' { Assignments = @( diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 index f894f73aa8..fc8ba8aec7 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 @@ -48,6 +48,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Remove-PSSession -MockWith { } + Mock -CommandName Get-MgUser -MockWith { + return @{ + UserPrincipalName = "John.Smith" + } + } + Mock -CommandName Start-Sleep -MockWith { } @@ -149,7 +155,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should call the Set method' { Set-TargetResource @testParams - Assert-MockCalled -CommandName Set-ManagementRoleAssignment -Exactly 1 + Assert-MockCalled -CommandName Remove-ManagementRoleAssignment -Exactly 1 + Assert-MockCalled -CommandName New-ManagementRoleAssignment -Exactly 1 } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOTeamsProtectionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOTeamsProtectionPolicy.Tests.ps1 new file mode 100644 index 0000000000..0df417aa3c --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOTeamsProtectionPolicy.Tests.ps1 @@ -0,0 +1,184 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'EXOTeamsProtectionPolicy' -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + + BeforeAll { + $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + $Global:PartialExportFileName = 'c:\TestPath' + + + Mock -CommandName Save-M365DSCPartialExport -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Set-TeamsProtectionPolicy -MockWith { + } + + Mock -CommandName New-TeamsProtectionPolicy -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name "When the policy doesn't already exist" -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = "Yes" + AdminDisplayName = "Contoso Administrator" + HighConfidencePhishQuarantineTag = "DefaultFullAccessPolicy" + MalwareQuarantineTag = "AdminOnlyAccessPolicy" + ZapEnabled = $true + Credential = $Credential + } + + Mock -CommandName Get-TeamsProtectionPolicy -MockWith { + return $null + } + } + + It 'Should return absent from the Get method' { + $result = (Get-TargetResource @testParams) + $result.AdminDisplayName | Should -BeNullOrEmpty + $result.HighConfidencePhishQuarantineTag | Should -BeNullOrEmpty + $result.MalwareQuarantineTag | Should -BeNullOrEmpty + $result.ZapEnabled | Should -BeNullOrEmpty + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create the policy from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-TeamsProtectionPolicy' -Exactly 1 + Should -Invoke -CommandName 'Set-TeamsProtectionPolicy' -Exactly 1 + } + } + + Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = "Yes" + AdminDisplayName = "Contoso Administrator" + HighConfidencePhishQuarantineTag = "DefaultFullAccessPolicy" + MalwareQuarantineTag = "AdminOnlyAccessPolicy" + ZapEnabled = $true + Credential = $Credential + } + + Mock -CommandName Get-TeamsProtectionPolicy -MockWith { + return @{ + AdminDisplayName = "Contoso Administrator" + HighConfidencePhishQuarantineTag = "DefaultFullAccessPolicy" + MalwareQuarantineTag = "AdminOnlyAccessPolicy" + ZapEnabled = $true + } + } + } + + It 'Should return absent from the Get method' { + $result = (Get-TargetResource @testParams) + $result.AdminDisplayName | Should -Be $testParams.AdminDisplayName + $result.HighConfidencePhishQuarantineTag | Should -Be $testParams.HighConfidencePhishQuarantineTag + $result.MalwareQuarantineTag | Should -Be $testParams.MalwareQuarantineTag + $result.ZapEnabled | Should -Be $testParams.ZapEnabled + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'When the policy already exists and is NOT in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = "Yes" + AdminDisplayName = "Contoso Administrator" + HighConfidencePhishQuarantineTag = "DefaultFullAccessPolicy" + MalwareQuarantineTag = "AdminOnlyAccessPolicy" + ZapEnabled = $true + Credential = $Credential + } + + Mock -CommandName Get-TeamsProtectionPolicy -MockWith { + return @{ + AdminDisplayName = "" + HighConfidencePhishQuarantineTag = "AdminOnlyAccessPolicy" + MalwareQuarantineTag = "AdminOnlyAccessPolicy" + ZapEnabled = $false + } + } + } + + It 'Should return absent from the Get method' { + $result = (Get-TargetResource @testParams) + $result.AdminDisplayName | Should -BeNullOrEmpty + $result.HighConfidencePhishQuarantineTag | Should -Be "AdminOnlyAccessPolicy" + $result.MalwareQuarantineTag | Should -Be "AdminOnlyAccessPolicy" + $result.ZapEnabled | Should -Be $false + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create the policy from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'Set-TeamsProtectionPolicy' -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-TeamsProtectionPolicy -MockWith { + return @{ + AdminDisplayName = "Contoso Administrator" + HighConfidencePhishQuarantineTag = "AdminOnlyAccessPolicy" + MalwareQuarantineTag = "AdminOnlyAccessPolicy" + ZapEnabled = $true + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidDeviceOwner.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidDeviceOwner.Tests.ps1 new file mode 100644 index 0000000000..f1ee580a86 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidDeviceOwner.Tests.ps1 @@ -0,0 +1,225 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'IntuneTrustedRootCertificateAndroidDeviceOwner' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith { + + return @() + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name "When the IntuneTrustedRootCertificateAndroidDeviceOwner doesn't already exist" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + + It 'Should return absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create the IntuneTrustedRootCertificateAndroidDeviceOwner from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1 + } + } + + Context -Name 'When the IntuneTrustedRootCertificateAndroidDeviceOwner already exists and is NOT in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Different Value' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should update the IntuneTrustedRootCertificateAndroidDeviceOwner from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + + } + } + + Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' + } + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the IntuneTrustedRootCertificateAndroidDeviceOwner from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner' + Description = 'Test IntuneTrustedRootCertificateAndroidDeviceOwner Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' + } + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope \ No newline at end of file diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidEnterprise.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidEnterprise.Tests.ps1 new file mode 100644 index 0000000000..3203cd35aa --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneTrustedRootCertificateAndroidEnterprise.Tests.ps1 @@ -0,0 +1,225 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'IntuneTrustedRootCertificateAndroidEnterprise' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith { + + return @() + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name "When the IntuneTrustedRootCertificateAndroidEnterprise doesn't already exist" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise' + Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + + It 'Should return absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create the IntuneTrustedRootCertificateAndroidEnterprise from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1 + } + } + + Context -Name 'When the IntuneTrustedRootCertificateAndroidEnterprise already exists and is NOT in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise' + Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise' + Description = 'Different Value' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidTrustedRootCertificate' + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should update the IntuneTrustedRootCertificateAndroidEnterprise from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + + } + } + + Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise' + Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise' + Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidTrustedRootCertificate' + } + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise' + Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise' + Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidTrustedRootCertificate' + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the IntuneTrustedRootCertificateAndroidEnterprise from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateAndroidEnterprise' + Description = 'Test IntuneTrustedRootCertificateAndroidEnterprise Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.androidTrustedRootCertificate' + } + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope \ No newline at end of file diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyIOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyIOS.Tests.ps1 new file mode 100644 index 0000000000..ba4d9fb4f1 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyIOS.Tests.ps1 @@ -0,0 +1,590 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'IntuneVPNConfigurationPolicyIOS' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith { + + return @() + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name "When the IntuneVPNConfigurationPolicyIOS doesn't already exist" -Fixture { + BeforeAll { + $testParams = @{ + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnectV2' + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + enableSplitTunneling = $False + enablePerApp = $False + Id = 'FakeStringValue' + optInToDeviceIdSharing = $True + proxyServer = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftvpnProxyServer ` + -Property @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } -ClientOnly) + ) + server = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftGraphvpnServer ` + -Property @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } -ClientOnly) + ) + safariDomains = @{} + associatedDomains = @{} + excludedDomains = @{} + excludeList = @{} + customData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + key = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + customKeyValueData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + name = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + onDemandRules = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule ` + -Property @{ + ssids = 'FakeStringValue' + dnsSearchDomains = 'FakeStringValue' + probeUrl = 'FakeStringValue' + action = 'ignore' + domainAction = 'neverConnect' + domains = 'FakeStringValue' + probeRequiredUrl = 'FakeStringValue' + interfaceTypeMatch = 'notConfigured' + dnsServerAddressMatch = 'FakeStringValue' + } -ClientOnly) + ) + targetedMobileApps = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_targetedMobileApps ` + -Property @{ + name = 'FakeStringValue' + publisher = 'FakeStringValue' + appStoreUrl = 'FakeStringValue' + appId = 'FakeStringValue' + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + + It 'Should return absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create the IntuneVPNConfigurationPolicyIOS from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1 + } + } + + Context -Name 'When the IntuneVPNConfigurationPolicyIOS already exists and is NOT in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + Id = 'FakeStringValue' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnectV2' + enableSplitTunneling = $False + enablePerApp = $False + optInToDeviceIdSharing = $True + proxyServer = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftvpnProxyServer ` + -Property @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } -ClientOnly) + ) + server = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftGraphvpnServer ` + -Property @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } -ClientOnly) + ) + safariDomains = @{} + associatedDomains = @{} + excludedDomains = @{} + excludeList = @{} + customData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + key = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + customKeyValueData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + name = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + onDemandRules = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule ` + -Property @{ + ssids = 'FakeStringValue' + dnsSearchDomains = 'FakeStringValue' + probeUrl = 'FakeStringValue' + action = 'ignore' + domainAction = 'neverConnect' + domains = 'FakeStringValue' + probeRequiredUrl = 'FakeStringValue' + interfaceTypeMatch = 'notConfigured' + dnsServerAddressMatch = 'FakeStringValue' + } -ClientOnly) + ) + targetedMobileApps = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_targetedMobileApps ` + -Property @{ + name = 'FakeStringValue' + publisher = 'FakeStringValue' + appStoreUrl = 'FakeStringValue' + appId = 'FakeStringValue' + } -ClientOnly) + ) + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + Id = 'FakeStringValue' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.iosVpnConfiguration' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnectV2' + customData = @( + @{ + key = 'FakeStringValue' + value = 'FakeStringValue' + } + ) + customKeyValueData = @( + @{ + name = 'FakeStringValue' + value = 'FakeStringValue' + } + ) + enableSplitTunneling = $False + enablePerApp = $False + disableOnDemandUserOverride = $True + disconnectOnIdle = $True + optInToDeviceIdSharing = $True + onDemandRules = @(` + @{ + ssids = 'FakeStringValue' + dnsSearchDomains = 'FakeStringValue' + probeUrl = 'FakeStringValue' + action = 'ignore' + domainAction = 'neverConnect' + domains = 'FakeStringValue' + probeRequiredUrl = 'FakeStringValue' + interfaceTypeMatch = 'notConfigured' + dnsServerAddressMatch = 'FakeStringValue' + } + ) + server = @( + @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.CHANGED.com' #changed value + } + ) + proxyServer = @( + @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ) + targetedMobileApps = @( + @{ + name = 'FakeStringValue' + publisher = 'FakeStringValue' + appStoreUrl = 'FakeStringValue' + appId = 'FakeStringValue' + } + ) + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' #-Displayname 'FakeStringValue').Ensure | Should -Be 'Present' # + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should update the IntuneVPNConfigurationPolicyIOS from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + + } + } + + Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnectV2' + enableSplitTunneling = $False + enablePerApp = $False + optInToDeviceIdSharing = $True + proxyServer = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftvpnProxyServer ` + -Property @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } -ClientOnly) + ) + server = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftGraphvpnServer ` + -Property @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } -ClientOnly) + ) + customData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + key = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + customKeyValueData = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_CustomData ` + -Property @{ + name = 'FakeStringValue' + value = 'FakeStringValue' + } -ClientOnly) + ) + onDemandRules = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule ` + -Property @{ + ssids = 'FakeStringValue' + dnsSearchDomains = 'FakeStringValue' + probeUrl = 'FakeStringValue' + action = 'ignore' + domainAction = 'neverConnect' + domains = 'FakeStringValue' + probeRequiredUrl = 'FakeStringValue' + interfaceTypeMatch = 'notConfigured' + dnsServerAddressMatch = 'FakeStringValue' + } -ClientOnly) + ) + targetedMobileApps = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_targetedMobileApps ` + -Property @{ + name = 'FakeStringValue' + publisher = 'FakeStringValue' + appStoreUrl = 'FakeStringValue' + appId = 'FakeStringValue' + } -ClientOnly) + ) + safariDomains = @{} + associatedDomains = @{} + excludedDomains = @{} + excludeList = @{} + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.iosVpnConfiguration' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnectV2' + enableSplitTunneling = $False + enablePerApp = $False + optInToDeviceIdSharing = $True + proxyServer = @( + @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ) + server = @( + @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ) + customData = @( + @{ + key = 'FakeStringValue' + value = 'FakeStringValue' + } + ) + customKeyValueData = @( + @{ + name = 'FakeStringValue' + value = 'FakeStringValue' + } + ) + onDemandRules = @( + @{ + ssids = 'FakeStringValue' + dnsSearchDomains = 'FakeStringValue' + probeUrl = 'FakeStringValue' + action = 'ignore' + domainAction = 'neverConnect' + domains = 'FakeStringValue' + probeRequiredUrl = 'FakeStringValue' + interfaceTypeMatch = 'notConfigured' + dnsServerAddressMatch = 'FakeStringValue' + } + ) + targetedMobileApps = @( + @{ + name = 'FakeStringValue' + publisher = 'FakeStringValue' + appStoreUrl = 'FakeStringValue' + appId = 'FakeStringValue' + } + ) + safariDomains = @{} + associatedDomains = @{} + excludedDomains = @{} + excludeList = @{} + } + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnectV2' + enableSplitTunneling = $False + enablePerApp = $False + optInToDeviceIdSharing = $True + proxyServer = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftvpnProxyServer ` + -Property @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } -ClientOnly) + ) + server = [CimInstance[]]@( + (New-CimInstance ` + -ClassName MSFT_MicrosoftGraphvpnServer ` + -Property @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } -ClientOnly) + ) + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.iosVpnConfiguration' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnectV2' + enableSplitTunneling = $False + enablePerApp = $False + optInToDeviceIdSharing = $True + proxyServer = @( + @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ) + server = @( + @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ) + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the IntuneVPNConfigurationPolicyIOS from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'FakeStringValue' + Description = 'FakeStringValue' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.iosVpnConfiguration' + authenticationMethod = 'usernameAndPassword' + connectionName = 'FakeStringValue' + connectionType = 'ciscoAnyConnectV2' + enableSplitTunneling = $False + enablePerApp = $False + optInToDeviceIdSharing = $True + proxyServer = @( + @{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ) + server = @( + @{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ) + } + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope \ No newline at end of file diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.MSFT_IntuneTrustedRootCertificateIOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.MSFT_IntuneTrustedRootCertificateIOS.Tests.ps1 new file mode 100644 index 0000000000..13486005f3 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.MSFT_IntuneTrustedRootCertificateIOS.Tests.ps1 @@ -0,0 +1,225 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'IntuneTrustedRootCertificateIOS' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith { + + return @() + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name "When the IntuneTrustedRootCertificateIOS doesn't already exist" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateIOS' + Description = 'Test IntuneTrustedRootCertificateIOS Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + + It 'Should return absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create the IntuneTrustedRootCertificateIOS from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1 + } + } + + Context -Name 'When the IntuneTrustedRootCertificateIOS already exists and is NOT in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateIOS' + Description = 'Test IntuneTrustedRootCertificateIOS Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateIOS' + Description = 'Different Value' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.iosTrustedRootCertificate' + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should update the IntuneTrustedRootCertificateIOS from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + + } + } + + Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateIOS' + Description = 'Test IntuneTrustedRootCertificateIOS Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateIOS' + Description = 'Test IntuneTrustedRootCertificateIOS Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.iosTrustedRootCertificate' + } + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test IntuneTrustedRootCertificateIOS' + Description = 'Test IntuneTrustedRootCertificateIOS Description' + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateIOS' + Description = 'Test IntuneTrustedRootCertificateIOS Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.iosTrustedRootCertificate' + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the IntuneTrustedRootCertificateIOS from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith { + return @{ + DisplayName = 'Test IntuneTrustedRootCertificateIOS' + Description = 'Test IntuneTrustedRootCertificateIOS Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + certFileName = "FakeStringValue" + trustedRootCertificate = "fakestringvalue0" + '@odata.type' = '#microsoft.graph.iosTrustedRootCertificate' + } + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope \ No newline at end of file diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOPropertyBag.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOPropertyBag.Tests.ps1 index 1144c7cd33..c55b88bdd8 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOPropertyBag.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOPropertyBag.Tests.ps1 @@ -85,12 +85,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Get-PnPPropertyBag -MockWith { - return @( - @{ - Key = 'MyKey' - Value = 'MyValue' - } - ) + 'MyValue' } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPORetentionLabelsSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPORetentionLabelsSettings.Tests.ps1 new file mode 100644 index 0000000000..b1d63e6821 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPORetentionLabelsSettings.Tests.ps1 @@ -0,0 +1,105 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Invoke-M365DSCSPORetentionLabelsSetting { + return $true + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + + Context -Name "The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = "Yes"; + AdvancedRecordVersioningDisabled = $True; + AllowFilesWithKeepLabelToBeDeletedODB = $true; + AllowFilesWithKeepLabelToBeDeletedSPO = $true; + MetadataEditBlockingEnabled = $true; + Credential = $Credential; + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = "Yes"; + AdvancedRecordVersioningDisabled = $True; + AllowFilesWithKeepLabelToBeDeletedODB = $false; #drift + AllowFilesWithKeepLabelToBeDeletedSPO = $true; + MetadataEditBlockingEnabled = $true; + Credential = $Credential; + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Invoke-M365DSCSPORetentionLabelsSetting -Exactly 5 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index e3024b7ad6..7ae62a90b4 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -104707,6 +104707,156 @@ function Get-MgBetaRoleManagementDirectoryRoleAssignmentScheduleRequest ) } #endregion + +#region TeamsProtectionPolicy +function Get-TeamsProtectionPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.Object] + $Identity + ) +} + +function New-TeamsProtectionPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $HighConfidencePhishQuarantineTag, + + [Parameter()] + [System.String] + $MalwareQuarantineTag, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $Organization, + + [Parameter()] + [System.Boolean] + $ZapEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Set-TeamsProtectionPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.String] + $HighConfidencePhishQuarantineTag, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.String] + $MalwareQuarantineTag, + + [Parameter()] + [System.Boolean] + $ZapEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} +#endregion + +#region TeamsProtectionPolicy +function Get-TeamsProtectionPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.Object] + $Identity + ) +} + +function New-TeamsProtectionPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $HighConfidencePhishQuarantineTag, + + [Parameter()] + [System.String] + $MalwareQuarantineTag, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Object] + $Organization, + + [Parameter()] + [System.Boolean] + $ZapEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Set-TeamsProtectionPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $AdminDisplayName, + + [Parameter()] + [System.String] + $HighConfidencePhishQuarantineTag, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.String] + $MalwareQuarantineTag, + + [Parameter()] + [System.Boolean] + $ZapEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} +#endregion #region MgBetaDeviceManagementRoleScopeTagAssignment function Get-MgBetaDeviceManagementRoleScopeTagAssignment { diff --git a/docs/docs/resources/azure-ad/AADAccessReviewDefinition.md b/docs/docs/resources/azure-ad/AADAccessReviewDefinition.md index 610ff50d6a..4356fb4ac9 100644 --- a/docs/docs/resources/azure-ad/AADAccessReviewDefinition.md +++ b/docs/docs/resources/azure-ad/AADAccessReviewDefinition.md @@ -31,7 +31,7 @@ | **QueryType** | Write | String | Indicates the type of query. Types include MicrosoftGraph and ARM. | | | **PrincipalScopes** | Write | MSFT_MicrosoftGraphAccessReviewScope[] | Defines the scopes of the principals for which access to resources are reviewed in the access review. | | | **ResourceScopes** | Write | MSFT_MicrosoftGraphAccessReviewScope[] | Defines the scopes of the resources for which access is reviewed. | | -| **odataType** | Write | String | The type of the entity. | `#microsoft.graph.accessReviewQueryScope`, `#microsoft.graph.accessReviewReviewerScope`, `#microsoft.graph.principalResourceMembershipsScope` | +| **odataType** | Write | String | The type of the entity. | `#microsoft.graph.accessReviewQueryScope`, `#microsoft.graph.accessReviewReviewerScope`, `#microsoft.graph.principalResourceMembershipsScope`, `#microsoft.graph.accessReviewInactiveUsersQueryScope` | ### MSFT_MicrosoftGraphAccessReviewScheduleSettings diff --git a/docs/docs/resources/azure-ad/AADActivityBasedTimeoutPolicy.md b/docs/docs/resources/azure-ad/AADActivityBasedTimeoutPolicy.md index a6e6de26d7..e76e450aec 100644 --- a/docs/docs/resources/azure-ad/AADActivityBasedTimeoutPolicy.md +++ b/docs/docs/resources/azure-ad/AADActivityBasedTimeoutPolicy.md @@ -15,6 +15,7 @@ | **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/azure-ad/AADIdentityGovernanceProgram.md b/docs/docs/resources/azure-ad/AADIdentityGovernanceProgram.md index 55566ce76a..acfa6ad012 100644 --- a/docs/docs/resources/azure-ad/AADIdentityGovernanceProgram.md +++ b/docs/docs/resources/azure-ad/AADIdentityGovernanceProgram.md @@ -20,7 +20,7 @@ # AADIdentityGovernanceProgram ## Description -Azure AD Identity Governance Program. +Azure AD Identity Governance Program. ## Permissions diff --git a/docs/docs/resources/azure-ad/AADIdentityProtectionPolicySettings.md b/docs/docs/resources/azure-ad/AADIdentityProtectionPolicySettings.md index 750d014884..92ccbffe6b 100644 --- a/docs/docs/resources/azure-ad/AADIdentityProtectionPolicySettings.md +++ b/docs/docs/resources/azure-ad/AADIdentityProtectionPolicySettings.md @@ -17,7 +17,7 @@ ## Description -Use this resource to monitor the identity protection policy settings in AAD. +Use this resource to monitor the identity protection policy settings in AAD. ## Permissions diff --git a/docs/docs/resources/exchange/EXODataEncryptionPolicy.md b/docs/docs/resources/exchange/EXODataEncryptionPolicy.md index 5146af3072..9246e88490 100644 --- a/docs/docs/resources/exchange/EXODataEncryptionPolicy.md +++ b/docs/docs/resources/exchange/EXODataEncryptionPolicy.md @@ -68,8 +68,47 @@ Configuration Example { EXODataEncryptionPolicy 'ConfigureDataEncryptionPolicy' { - Identity = 'US Mailboxes' - Ensure = "Absent" + Identity = 'US Mailboxes' + Enabled = $true + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXODataEncryptionPolicy 'ConfigureDataEncryptionPolicy' + { + Identity = 'US Mailboxes' + Enabled = $false #Drift + Ensure = "Present" ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/docs/docs/resources/exchange/EXOFocusedInbox.md b/docs/docs/resources/exchange/EXOFocusedInbox.md index 1bc5b11848..07bd2b4adc 100644 --- a/docs/docs/resources/exchange/EXOFocusedInbox.md +++ b/docs/docs/resources/exchange/EXOFocusedInbox.md @@ -16,8 +16,6 @@ | **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | -# EXOFocusedInbox - ## Description Manage the Focused Inbox configuration for mailboxes in your organization. diff --git a/docs/docs/resources/exchange/EXOMailboxCalendarConfiguration.md b/docs/docs/resources/exchange/EXOMailboxCalendarConfiguration.md index 686a881e9d..2928e14033 100644 --- a/docs/docs/resources/exchange/EXOMailboxCalendarConfiguration.md +++ b/docs/docs/resources/exchange/EXOMailboxCalendarConfiguration.md @@ -58,7 +58,7 @@ ## Description -This resource allows users to manage mailbox calendar settings. +This resource allows users to manage mailbox calendar settings. ## Permissions diff --git a/docs/docs/resources/exchange/EXORetentionPolicy.md b/docs/docs/resources/exchange/EXORetentionPolicy.md index b5ee023a0d..f1d3551e5f 100644 --- a/docs/docs/resources/exchange/EXORetentionPolicy.md +++ b/docs/docs/resources/exchange/EXORetentionPolicy.md @@ -18,11 +18,9 @@ | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | | **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | -# EXORetentionPolicy - -## Description - -Use the New-RetentionPolicy cmdlet to create a retention policy and the Set-RetentionPolicy cmdlet to change the properties of an existing retention policy. +## Description + +Use the New-RetentionPolicy cmdlet to create a retention policy and the Set-RetentionPolicy cmdlet to change the properties of an existing retention policy. ## Permissions diff --git a/docs/docs/resources/exchange/EXOTeamsProtectionPolicy.md b/docs/docs/resources/exchange/EXOTeamsProtectionPolicy.md new file mode 100644 index 0000000000..5ce2e603af --- /dev/null +++ b/docs/docs/resources/exchange/EXOTeamsProtectionPolicy.md @@ -0,0 +1,82 @@ +# EXOTeamsProtectionPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Only valid value is 'Yes'. | `Yes` | +| **AdminDisplayName** | Write | String | The AdminDisplayName parameter specifies a description for the policy. | | +| **HighConfidencePhishQuarantineTag** | Write | String | The HighConfidencePhishQuarantineTag parameter specifies the quarantine policy that's used for messages that are quarantined as high confidence phishing by ZAP for Teams. | `AdminOnlyAccessPolicy`, `DefaultFullAccessPolicy`, `DefaultFullAccessWithNotificationPolicy` | +| **MalwareQuarantineTag** | Write | String | The MalwareQuarantineTag parameter specifies the quarantine policy that's used for messages that are quarantined as malware by ZAP for Teams. | `AdminOnlyAccessPolicy`, `DefaultFullAccessPolicy`, `DefaultFullAccessWithNotificationPolicy` | +| **ZapEnabled** | Write | Boolean | The ZapEnabled parameter specifies whether to enable zero-hour auto purge (ZAP) for malware and high confidence phishing messages in Teams messages. | | +| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +## Description + +Create or modify a TeamsProtectionPolicy in your cloud-based organization. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Compliance Management, Delegated Setup, Hygiene Management, Organization Management, View-Only Organization Management + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOTeamsProtectionPolicy 'EXOTeamsProtectionPolicy' + { + IsSingleInstance = 'Yes' + AdminDisplayName = 'Contoso Administrator' + HighConfidencePhishQuarantineTag = 'DefaultFullAccessPolicy' + MalwareQuarantineTag = 'AdminOnlyAccessPolicy' + ZapEnabled = $true + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneAppConfigurationDevicePolicy.md b/docs/docs/resources/intune/IntuneAppConfigurationDevicePolicy.md index 79e0395881..cc6fe79e7d 100644 --- a/docs/docs/resources/intune/IntuneAppConfigurationDevicePolicy.md +++ b/docs/docs/resources/intune/IntuneAppConfigurationDevicePolicy.md @@ -61,7 +61,7 @@ ## Description -Intune App Configuration Device Policy. +Intune App Configuration Device Policy. Please note: A policy can only contain settings of its platform type and the platform type cannot be changed after creation. diff --git a/docs/docs/resources/intune/IntuneTrustedRootCertificateAndroidDeviceOwner.md b/docs/docs/resources/intune/IntuneTrustedRootCertificateAndroidDeviceOwner.md new file mode 100644 index 0000000000..b30a387990 --- /dev/null +++ b/docs/docs/resources/intune/IntuneTrustedRootCertificateAndroidDeviceOwner.md @@ -0,0 +1,182 @@ +# IntuneTrustedRootCertificateAndroidDeviceOwner + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Id** | Write | String | Id of the Intune policy. | | +| **DisplayName** | Key | String | Display name of the Intune policy. | | +| **Description** | Write | String | Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration | | +| **certFileName** | Write | String | File name to display in UI. | | +| **trustedRootCertificate** | Write | String | Trusted Root Certificate. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Credential** | Write | PSCredential | Credentials of the Intune Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + + +## Description + +This resource configures an Intune Android Device Owner Trusted Root Certificate Policy. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Device Owner/Administrator devices + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidDeviceOwner "ConfigureIntuneTrustedRootCertificateAndroidDeviceOwner" + { + Description = "IntuneTrustedRootCertificateAndroidDeviceOwner Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + certFileName = "fakename.cer"; + trustedRootCertificate = "insertValidBase64StringHere"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 2 + +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Device Owner/Administrator devices + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidDeviceOwner "ConfigureIntuneTrustedRootCertificateAndroidDeviceOwner" + { + Description = "IntuneTrustedRootCertificateAndroidDeviceOwner Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + certFileName = "newfakename.cer"; #changed value + trustedRootCertificate = "insertValidBase64StringHereForAnotherCert" #changed value + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 3 + +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Device Owner/Administrator devices + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidDeviceOwner "ConfigureIntuneTrustedRootCertificateAndroidDeviceOwner" + { + Description = "IntuneTrustedRootCertificateAndroidDeviceOwner Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidDeviceOwner DisplayName"; + Ensure = "Absent"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneTrustedRootCertificateAndroidEnterprise.md b/docs/docs/resources/intune/IntuneTrustedRootCertificateAndroidEnterprise.md new file mode 100644 index 0000000000..b9ea46a6ee --- /dev/null +++ b/docs/docs/resources/intune/IntuneTrustedRootCertificateAndroidEnterprise.md @@ -0,0 +1,182 @@ +# IntuneTrustedRootCertificateAndroidEnterprise + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Id** | Write | String | Id of the Intune policy. | | +| **DisplayName** | Key | String | Display name of the Intune policy. | | +| **Description** | Write | String | Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration | | +| **certFileName** | Write | String | File name to display in UI. | | +| **trustedRootCertificate** | Write | String | Trusted Root Certificate. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Credential** | Write | PSCredential | Credentials of the Intune Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + + +## Description + +This resource configures an Intune Android Enterprise Trusted Root Certificate Policy. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Enterprise devices + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidEnterprise "ConfigureIntuneTrustedRootCertificateAndroidEnterprise" + { + Description = "IntuneTrustedRootCertificateAndroidEnterprise Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidEnterprise DisplayName"; + Ensure = "Present"; + certFileName = "fakename.cer"; + trustedRootCertificate = "insertValidBase64StringHere"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 2 + +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Enterprise devices + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidEnterprise "ConfigureIntuneTrustedRootCertificateAndroidEnterprise" + { + Description = "IntuneTrustedRootCertificateAndroidEnterprise Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidEnterprise DisplayName"; + Ensure = "Present"; + certFileName = "newfakename.cer"; #changed value + trustedRootCertificate = "insertValidBase64StringHereForAnotherCert" #changed value + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 3 + +This example creates a new Intune Trusted Root Certificate Configuration Policy for Android Enterprise devices + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateAndroidEnterprise "ConfigureIntuneTrustedRootCertificateAndroidEnterprise" + { + Description = "IntuneTrustedRootCertificateAndroidEnterprise Description"; + DisplayName = "IntuneTrustedRootCertificateAndroidEnterprise DisplayName"; + Ensure = "Absent"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneTrustedRootCertificateIOS.md b/docs/docs/resources/intune/IntuneTrustedRootCertificateIOS.md new file mode 100644 index 0000000000..f1944ceddb --- /dev/null +++ b/docs/docs/resources/intune/IntuneTrustedRootCertificateIOS.md @@ -0,0 +1,182 @@ +# IntuneTrustedRootCertificateIOS + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Id** | Write | String | Id of the Intune policy. | | +| **DisplayName** | Key | String | Display name of the Intune policy. | | +| **Description** | Write | String | Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration | | +| **certFileName** | Write | String | File name to display in UI. | | +| **trustedRootCertificate** | Write | String | Trusted Root Certificate. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Credential** | Write | PSCredential | Credentials of the Intune Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + + +## Description + +This resource configures an Intune iOS Trusted Root Certificate Policy. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example creates a new Intune Trusted Root Certificate Configuration Policy for iOs devices + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateIOS "ConfigureIntuneTrustedRootCertificateIOS" + { + Description = "IntuneTrustedRootCertificateIOS Description"; + DisplayName = "IntuneTrustedRootCertificateIOS DisplayName"; + Ensure = "Present"; + certFileName = "fakename.cer"; + trustedRootCertificate = "insertValidBase64StringHere"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 2 + +This example creates a new Intune Trusted Root Certificate Configuration Policy for iOs devices + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateIOS "ConfigureIntuneTrustedRootCertificateIOS" + { + Description = "IntuneTrustedRootCertificateIOS Description"; + DisplayName = "IntuneTrustedRootCertificateIOS DisplayName"; + Ensure = "Present"; + certFileName = "newfakename.cer"; #changed value + trustedRootCertificate = "insertValidBase64StringHereForAnotherCert" #changed value + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 3 + +This example creates a new Intune Trusted Root Certificate Configuration Policy for iOs devices + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneTrustedRootCertificateIOS "ConfigureIntuneTrustedRootCertificateIOS" + { + Description = "IntuneTrustedRootCertificateIOS Description"; + DisplayName = "IntuneTrustedRootCertificateIOS DisplayName"; + Ensure = "Absent"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneVPNConfigurationPolicyIOS.md b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyIOS.md new file mode 100644 index 0000000000..625961b0da --- /dev/null +++ b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyIOS.md @@ -0,0 +1,324 @@ +# IntuneVPNConfigurationPolicyIOS + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Id** | Write | String | Id of the Intune policy. | | +| **DisplayName** | Key | String | Display name of the Intune policy. | | +| **Description** | Write | String | Description of the Intune policy. | | +| **connectionName** | Write | String | Connection name displayed to the user. | | +| **connectionType** | Write | String | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect. | `ciscoAnyConnect`, `pulseSecure`, `f5EdgeClient`, `dellSonicWallMobileConnect`, `checkPointCapsuleVpn`, `customVpn`, `ciscoIPSec`, `citrix`, `ciscoAnyConnectV2`, `paloAltoGlobalProtect`, `zscalerPrivateAccess`, `f5Access2018`, `citrixSso`, `paloAltoGlobalProtectV2`, `ikEv2`, `alwaysOn`, `microsoftTunnel`, `netMotionMobility`, `microsoftProtect` | +| **enableSplitTunneling** | Write | Boolean | Send all network traffic through VPN. | | +| **authenticationMethod** | Write | String | Authentication method for this VPN connection. | `certificate`, `usernameAndPassword`, `sharedSecret`, `derivedCredential`, `azureAD` | +| **safariDomains** | Write | StringArray[] | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. | | +| **associatedDomains** | Write | StringArray[] | Associated Domains. These domains will be linked with the VPN configuration. | | +| **excludedDomains** | Write | StringArray[] | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated. | | +| **proxyServer** | Write | MSFT_MicrosoftvpnProxyServer[] | Represents the assignment to the Intune policy. | | +| **optInToDeviceIdSharing** | Write | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. | | +| **excludeList** | Write | StringArray[] | Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta. | | +| **server** | Write | MSFT_MicrosoftGraphvpnServer[] | VPN Server on the network. Make sure end users can access this network location. | | +| **customData** | Write | MSFT_customData[] | Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements | | +| **customKeyValueData** | Write | MSFT_customKeyValueData[] | Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements | | +| **onDemandRules** | Write | MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule[] | On-Demand Rules. This collection can contain a maximum of 500 elements. | | +| **targetedMobileApps** | Write | StringArray[] | Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Intune Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | +| **version** | Write | UInt32 | Version of the device configuration. Inherited from deviceConfiguration. | | +| **loginGroupOrDomain** | Write | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration. | | +| **role** | Write | String | Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration. | | +| **realm** | Write | String | Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration. | | +| **identifier** | Write | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration. | | +| **enablePerApp** | Write | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration. | | +| **providerType** | Write | String | Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel. | `notConfigured`, `appProxy`, `packetTunnel` | +| **disableOnDemandUserOverride** | Write | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration. | | +| **disconnectOnIdle** | Write | Boolean | Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration | | +| **disconnectOnIdleTimerInSeconds** | Write | UInt32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration. | | +| **microsoftTunnelSiteId** | Write | String | Microsoft Tunnel site ID. | | +| **cloudName** | Write | String | Zscaler only. Zscaler cloud which the user is assigned to. | | +| **strictEnforcement** | Write | Boolean | Zscaler only. Blocks network traffic until the user signs into Zscaler app. True means traffic is blocked. | | +| **userDomain** | Write | String | Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **ssids** | Write | StringArray[] | Network Service Set Identifiers (SSIDs). | | +| **dnsSearchDomains** | Write | StringArray[] | DNS Search Domains. | | +| **probeUrl** | Write | String | A URL to probe. If this URL is successfully fetched, returning a 200 HTTP status code, without redirection, this rule matches. | | +| **action** | Write | String | Action. Possible values are: connect, evaluateConnection, ignore, disconnect. | `connect`, `evaluateConnection`, `ignore`, `disconnect` | +| **domainAction** | Write | String | Domain Action, Only applicable when Action is evaluate connection. Possible values are: connectIfNeeded, neverConnect. | `connectIfNeeded`, `neverConnect` | +| **domains** | Write | StringArray[] | Domains, Only applicable when Action is evaluate connection. | | +| **probeRequiredUrl** | Write | String | Probe Required URL. Only applicable when Action is evaluate connection and DomainAction is connectIfNeeded. | | +| **interfaceTypeMatch** | Write | String | Network interface to trigger VPN. Possible values are: notConfigured, ethernet, wiFi, cellular. | `notConfigured`, `ethernet`, `wiFi`, `cellular` | +| **dnsServerAddressMatch** | Write | StringArray[] | DNS Search Server Address. | | + +### MSFT_MicrosoftGraphVpnServer + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **address** | Write | String | Address (IP address, FQDN or URL) | | +| **description** | Write | String | Description. | | +| **isDefaultServer** | Write | Boolean | Default server. | | + +### MSFT_MicrosoftvpnProxyServer + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **automaticConfigurationScriptUrl** | Write | String | Proxy's automatic configuration script url. | | +| **address** | Write | String | Address. | | +| **port** | Write | UInt32 | Port. Valid values 0 to 65535. | | + +### MSFT_targetedMobileApps + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Write | String | The application name. | | +| **publisher** | Write | String | The publisher of the application. | | +| **appStoreUrl** | Write | String | The Store URL of the application. | | +| **appId** | Write | String | The application or bundle identifier of the application. | | + +### MSFT_CustomData + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **key** | Write | String | Key for the custom data entry. | | +| **value** | Write | String | Value for the custom data entry. | | + +### MSFT_customKeyValueData + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Write | String | Name for the custom data entry. | | +| **value** | Write | String | Value for the custom data entry. | | + + +## Description + +This resource configures an Intune VPN Configuration Policy for iOS Device. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyIOS "IntuneVPNConfigurationPolicyIOS-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + associatedDomains = @(); + authenticationMethod = "usernameAndPassword"; + connectionName = "IntuneVPNConfigurationPolicyIOS-ConnectionName"; + connectionType = "ciscoAnyConnectV2"; + Description = "IntuneVPNConfigurationPolicyIOS-Example Description"; + DisplayName = "IntuneVPNConfigurationPolicyIOS-Example"; + enableSplitTunneling = $False; + Ensure = "Present"; + excludedDomains = @(); + excludeList = @(); + Id = "ec5432ff-d536-40cb-ba0a-e16260b01382"; + optInToDeviceIdSharing = $True; + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ); + safariDomains = @(); + server = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ); + targetedMobileApps = @(); + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyIOS "IntuneVPNConfigurationPolicyIOS-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + associatedDomains = @(); + authenticationMethod = "usernameAndPassword"; + connectionName = "IntuneVPNConfigurationPolicyIOS-ConnectionName"; + connectionType = "ciscoAnyConnectV2"; + Description = "IntuneVPNConfigurationPolicyIOS-Example Description"; + DisplayName = "IntuneVPNConfigurationPolicyIOS-Example"; + enableSplitTunneling = $False; + Ensure = "Present"; + excludedDomains = @(); + excludeList = @(); + Id = "ec5432ff-d536-40cb-ba0a-e16260b01382"; + optInToDeviceIdSharing = $True; + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 80 + automaticConfigurationScriptUrl = 'https://www.test.com' + address = 'proxy.test.com' + } + ); + safariDomains = @(); + server = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'server' + address = 'vpn.newAddress.com' #updated VPN address + } + ); + targetedMobileApps = @(); + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyIOS "IntuneVPNConfigurationPolicyIOS-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + DisplayName = "IntuneVPNConfigurationPolicyIOS-Example"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md index da5c950514..db7983ef52 100644 --- a/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md +++ b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md @@ -51,19 +51,19 @@ Intune Windows Update For Business Feature Update Profile for Windows10 ## RolloutSettings -The RolloutSettings for this resource have the following constraints and notes: +The RolloutSettings for this resource have the following constraints and notes: * When creating a policy: - * If only a start date is specified, then the start date must be at least today. + * If only a start date is specified, then the start date must be at least today. * If the desired state date is before the current date, it will be adjusted to the current date. - * If a start and end date is specified, the start date must be the current date + 2 days, and + * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date. * If the start date is before the current date + 2 days, it will be adjusted to this date. * When updating a policy: - * If only a start date is specified, then the start date must either be the date from the current - configuration or the current date (or later). + * If only a start date is specified, then the start date must either be the date from the current + configuration or the current date (or later). * If the desired state date is before the current date, it will be adjusted to the current date. - * If a start and end date is specified, the start date must be the current date + 2 days, and + * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date. * If the start date is before the current date + 2 days, it will be adjusted to this date. * When testing a policy: diff --git a/docs/docs/resources/security-compliance/SCCaseHoldPolicy.md b/docs/docs/resources/security-compliance/SCCaseHoldPolicy.md index affeef4c86..c49568d13f 100644 --- a/docs/docs/resources/security-compliance/SCCaseHoldPolicy.md +++ b/docs/docs/resources/security-compliance/SCCaseHoldPolicy.md @@ -61,10 +61,19 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC @@ -72,14 +81,16 @@ Configuration Example { SCCaseHoldPolicy 'CaseHoldPolicy' { - Case = "Test Case" - ExchangeLocation = "DemoGroup@contoso.onmicrosoft.com" - Name = "Demo Hold" - PublicFolderLocation = "All" - Comment = "This is a demo" - Enabled = $True - Ensure = "Present" - Credential = $Credscredential + Case = 'Test Case' + ExchangeLocation = 'DemoGroup@contoso.onmicrosoft.com' + Name = 'Demo Hold' + PublicFolderLocation = 'All' + Comment = 'This is a demo' + Enabled = $True + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/docs/docs/resources/security-compliance/SCSupervisoryReviewRule.md b/docs/docs/resources/security-compliance/SCSupervisoryReviewRule.md index f6f2ea2c9e..d97ca5ab40 100644 --- a/docs/docs/resources/security-compliance/SCSupervisoryReviewRule.md +++ b/docs/docs/resources/security-compliance/SCSupervisoryReviewRule.md @@ -57,23 +57,35 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) + Import-DscResource -ModuleName Microsoft365DSC Node localhost { SCSupervisoryReviewRule 'SupervisoryReviewRule' { - Name = "DemoRule" - Condition = "(NOT(Reviewee:US Compliance))" - SamplingRate = 100 - Policy = 'TestPolicy' - Ensure = "Present" - Credential = $Credscredential + Name = 'DemoRule' + Condition = '(NOT(Reviewee:US Compliance))' + SamplingRate = 100 + Policy = 'TestPolicy' + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/docs/docs/resources/security-compliance/SCUnifiedAuditLogRetentionPolicy.md b/docs/docs/resources/security-compliance/SCUnifiedAuditLogRetentionPolicy.md index c3406169eb..1dccdffe41 100644 --- a/docs/docs/resources/security-compliance/SCUnifiedAuditLogRetentionPolicy.md +++ b/docs/docs/resources/security-compliance/SCUnifiedAuditLogRetentionPolicy.md @@ -35,22 +35,35 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credentials + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) + Import-DscResource -ModuleName Microsoft365DSC node localhost { SCUnifiedAuditLogRetentionPolicy 'Example' { - Credential = $Credentials; - Ensure = "Present"; - Name = "Test Policy"; - Priority = 1; - RetentionDuration = "SevenDays"; + Credential = $Credentials + Ensure = 'Present' + Name = 'Test Policy' + Priority = 1 + RetentionDuration = 'SevenDays' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/docs/docs/resources/sharepoint/SPORetentionLabelsSettings.md b/docs/docs/resources/sharepoint/SPORetentionLabelsSettings.md new file mode 100644 index 0000000000..38ab227ff9 --- /dev/null +++ b/docs/docs/resources/sharepoint/SPORetentionLabelsSettings.md @@ -0,0 +1,114 @@ +# SPORetentionLabelsSettings + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` | +| **AllowFilesWithKeepLabelToBeDeletedODB** | Write | Boolean | Set whether files with Keep Label can be deleted in OneDrive for Business. | | +| **AllowFilesWithKeepLabelToBeDeletedSPO** | Write | Boolean | Set whether files with Keep Label can be deleted in SharePoint Online. | | +| **AdvancedRecordVersioningDisabled** | Write | Boolean | Set to enable or disable the advanced record versioning. | | +| **MetadataEditBlockingEnabled** | Write | Boolean | Set metadata edit blocking enabled setting. | | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +Configures the retention label settings. This setting is accessible via the Purview Record Management settings screen. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +### Microsoft SharePoint + +To authenticate with the SharePoint API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - + +- **Update** + + - + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + SPORetentionLabelsSettings "SPORetentionLabelsSettings" + { + AdvancedRecordVersioningDisabled = $True; + AllowFilesWithKeepLabelToBeDeletedODB = $false; + AllowFilesWithKeepLabelToBeDeletedSPO = $false; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + IsSingleInstance = "Yes"; + MetadataEditBlockingEnabled = $true; + TenantId = $TenantId; + } + } +} +``` + diff --git a/docs/docs/resources/teams/TeamsCallHoldPolicy.md b/docs/docs/resources/teams/TeamsCallHoldPolicy.md index 18a7d2dfa1..3e0d044109 100644 --- a/docs/docs/resources/teams/TeamsCallHoldPolicy.md +++ b/docs/docs/resources/teams/TeamsCallHoldPolicy.md @@ -56,10 +56,19 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC @@ -67,9 +76,11 @@ Configuration Example { TeamsCallHoldPolicy 'Example' { - Credential = $Credscredential; - Ensure = "Present"; - Identity = "Global"; + Identity = 'Global' + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/docs/docs/resources/teams/TeamsChannel.md b/docs/docs/resources/teams/TeamsChannel.md index e00778fb35..57a8489e6a 100644 --- a/docs/docs/resources/teams/TeamsChannel.md +++ b/docs/docs/resources/teams/TeamsChannel.md @@ -57,23 +57,35 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) + Import-DscResource -ModuleName Microsoft365DSC node localhost { TeamsChannel 'ConfigureChannel' { - TeamName = "SuperSecretTeam" - DisplayName = "SP2013 Review teams group" - NewDisplayName = "SP2016 Review teams group" - Description = "SP2016 Code reviews for SPFX" - Ensure = "Present" - Credential = $Credscredential + TeamName = 'SuperSecretTeam' + DisplayName = 'SP2013 Review teams group' + NewDisplayName = 'SP2016 Review teams group' + Description = 'SP2016 Code reviews for SPFX' + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/docs/docs/resources/teams/TeamsChannelsPolicy.md b/docs/docs/resources/teams/TeamsChannelsPolicy.md index b7be6596dc..addd06b40d 100644 --- a/docs/docs/resources/teams/TeamsChannelsPolicy.md +++ b/docs/docs/resources/teams/TeamsChannelsPolicy.md @@ -64,9 +64,17 @@ Configuration Example { param ( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC @@ -84,7 +92,9 @@ Configuration Example AllowSharedChannelCreation = $True AllowUserToParticipateInExternalSharedChannel = $True Ensure = 'Present' - Credential = $Credscredential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/docs/docs/resources/teams/TeamsShiftsPolicy.md b/docs/docs/resources/teams/TeamsShiftsPolicy.md index 0ea95dac15..44ff987b75 100644 --- a/docs/docs/resources/teams/TeamsShiftsPolicy.md +++ b/docs/docs/resources/teams/TeamsShiftsPolicy.md @@ -61,10 +61,19 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) Import-DscResource -ModuleName Microsoft365DSC @@ -72,16 +81,18 @@ Configuration Example { TeamsShiftsPolicy 'Example' { - AccessGracePeriodMinutes = 15; - AccessType = "UnrestrictedAccess_TeamsApp"; - Credential = $Credscredential; - EnableScheduleOwnerPermissions = $False; - EnableShiftPresence = $False; - Ensure = "Present"; - Identity = "Global"; - ShiftNoticeFrequency = "Never"; - ShiftNoticeMessageCustom = ""; - ShiftNoticeMessageType = "DefaultMessage"; + Identity = 'Global' + AccessGracePeriodMinutes = 15 + AccessType = 'UnrestrictedAccess_TeamsApp' + EnableScheduleOwnerPermissions = $False + EnableShiftPresence = $False + Ensure = 'Present' + ShiftNoticeFrequency = 'Never' + ShiftNoticeMessageCustom = '' + ShiftNoticeMessageType = 'DefaultMessage' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/docs/docs/resources/teams/TeamsTeam.md b/docs/docs/resources/teams/TeamsTeam.md index 23f19939bf..b4a104ea3b 100644 --- a/docs/docs/resources/teams/TeamsTeam.md +++ b/docs/docs/resources/teams/TeamsTeam.md @@ -75,21 +75,31 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential + param + ( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint ) + Import-DscResource -ModuleName Microsoft365DSC node localhost { TeamsTeam 'ConfigureTeam' { - DisplayName = "Sample3" - Description = "Sample" - Visibility = "Private" - MailNickName = "DSCTeam2" + DisplayName = 'Sample3' + Description = 'Sample' + Visibility = 'Private' + MailNickName = 'DSCTeam2' AllowUserEditMessages = $false AllowUserDeleteMessages = $false AllowOwnerDeleteMessages = $false @@ -101,13 +111,15 @@ Configuration Example AllowCreateUpdateRemoveTabs = $false AllowCreateUpdateRemoveConnectors = $false AllowGiphy = $True - GiphyContentRating = "strict" + GiphyContentRating = 'strict' AllowStickersAndMemes = $True AllowCustomMemes = $True AllowGuestCreateUpdateChannels = $true AllowGuestDeleteChannels = $true - Ensure = "Present" - Credential = $Credscredential + Ensure = 'Present' + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } } } diff --git a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md index 77ddc22059..7ed80f78e1 100644 --- a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md +++ b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md @@ -86,6 +86,6 @@ This function does not generate any output. -------------------------- EXAMPLE 4 -------------------------- -`Update-M365DSCAzureAdApplication -ApplicationName $Microsoft365DSC -Permissions $(Get-M365DSCCompiledPermissionList -ResourceNameList Get-M365DSCAllResources -PermissionType Application -AccessType Read) -Type Certificate -CreateSelfSignedCertificate -AdminConsent -MonthsValid 12 -Credential $creds -CertificatePath c:\Temp\M365DSC.cer` +`Update-M365DSCAzureAdApplication -ApplicationName $Microsoft365DSC -Permissions $(Get-M365DSCCompiledPermissionList -ResourceNameList (Get-M365DSCAllResources) -PermissionType Application -AccessType Read) -Type Certificate -CreateSelfSignedCertificate -AdminConsent -MonthsValid 12 -Credential $creds -CertificatePath c:\Temp\M365DSC.cer`