From 389c899a1b705f8895dc4785fd8dce33e88d577d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 10 Jan 2024 09:43:35 -0500 Subject: [PATCH 1/4] Update CHANGELOG.md --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2916cf3c18..89841c7431 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.24.110.1 * AADAdministrativeUnit * Fix the Update logic flow to get around a bug in Microsoft.Graph 2.11.1. @@ -9,9 +9,11 @@ * Implement Fix #3885. Manage Exclude Application. FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] * EXOHostedContentFilterPolicy - * Fix issue on parameters AllowedSenders, AllowedSenderDomains, BlockedSenders, + * Fix issue on parameters AllowedSenders, AllowedSenderDomains, BlockedSenders, BlockSenderDomains if desired state is empty but current state is not empty. FIXES[#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124) +* EXOMailContact + * Added support for Custom Attributes and Extension Custom Attributes. * IntuneDeviceConfigurationPolicyMacOS * Fix workaround added on PR #4099 in order to be able to use this resource for deployments From 299f9341f58b1b47694a6de5625e3701d9f7d792 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 10 Jan 2024 13:16:00 -0500 Subject: [PATCH 2/4] Fixes Tests --- .../1-Create.ps1 | 13 ------------- .../2-Update.ps1 | 12 ------------ 2 files changed, 25 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 index fb6900710a..0b8f318d57 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 @@ -30,11 +30,6 @@ Configuration Example } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ - DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -42,10 +37,6 @@ Configuration Example State = 'default' } CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -53,10 +44,6 @@ Configuration Example State = 'default' } DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 index af044fae17..0d6ef9e0e0 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 @@ -31,10 +31,6 @@ Configuration Example ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -42,10 +38,6 @@ Configuration Example State = 'default' } CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -53,10 +45,6 @@ Configuration Example State = 'default' } DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' From 2a9927fc110fae3263312ec4df5a6aa4d4606b0b Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 10 Jan 2024 13:19:53 -0500 Subject: [PATCH 3/4] Release candidate --- CHANGELOG.md | 4 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 60 +++++++++----------- 2 files changed, 28 insertions(+), 36 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3139ee3450..d15532bb40 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,14 +2,12 @@ # 1.24.110.1 - * AADAdministrativeUnit * Fix the Update logic flow to get around a bug in Microsoft.Graph 2.11.1. * AADAuthenticationMethodPolicyX509 * Added support for the property for include targets * AADConditionalAccessPolicy * Added support for application filters in the conditions. -* AADConditionalAccessPolicy * Implement Fix #3885. Manage Exclude Application. FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] * AADGroupOwnerConsentSettings @@ -28,6 +26,8 @@ * SCDLPComplianceRule * Fix type of AccessScope FIXES [#3463](https://github.com/microsoft/Microsoft365DSC/issues/3463) +* TeamsTenantDialPlan + * FIXES [#3767](https://github.com/microsoft/Microsoft365DSC/issues/3767) # 1.24.103.1 diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index ffe31fa83a..7f2b2f7538 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-01-03 +# Generated on: 2024-01-10 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.103.1' + ModuleVersion = '1.24.110.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -140,40 +140,32 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADConditionalAccessPolicy - * Fix Get-TargetResource when the parameter Id is not present - FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) - * EXOInboundConnector - * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. - * EXOMailTips - * Added parameter descriptions for better documentation - * EXOOutboundConnector - * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. - * EXOReportSubmissionPolicy + ReleaseNotes = '* AADAdministrativeUnit + * Fix the Update logic flow to get around a bug in Microsoft.Graph 2.11.1. + * AADAuthenticationMethodPolicyX509 + * Added support for the property for include targets + * AADConditionalAccessPolicy + * Added support for application filters in the conditions. + * Implement Fix #3885. Manage Exclude Application. + FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] + * AADGroupOwnerConsentSettings * Initial release - FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) - * EXOReportSubmissionRule - * Initial release - FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) - * EXOTransportRule - * Stop supporting DLP-related rules, conditions, and actions (https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-mail-flow-rules-to-stop-supporting-dlp-related/ba-p/3959870) - FIXES [#3929](https://github.com/microsoft/Microsoft365DSC/issues/3929) + Implements [#4112](https://github.com/microsoft/Microsoft365DSC/issues/4112) + * EXOHostedContentFilterPolicy + * Fix issue on parameters AllowedSenders, AllowedSenderDomains, BlockedSenders, + BlockSenderDomains if desired state is empty but current state is not empty. + FIXES[#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124) + * EXOMailContact + * Added support for Custom Attributes and Extension Custom Attributes. * IntuneDeviceConfigurationPolicyMacOS - * Added parameter descriptions for better documentation - * IntuneSettingCatalogCustomPolicyWindows10 - * Fix Get-TargetResource when the parameter Id is not present - FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) - * SPOTenantSettings - * Added parameter descriptions for better documentation - * TeamsChannel - * Add error handling if GroupId of a team is null - FIXES [#3943](https://github.com/microsoft/Microsoft365DSC/issues/3943) - * TeamsFeedbackPolicy - * Added parameter descriptions for better documentation - * TeamsMobilityPolicy - * Added parameter descriptions for better documentation - * TeamsNetworkRoamingPolicy - * Added parameter descriptions for better documentation' + * Fix workaround added on PR #4099 in order to be able to use this resource + for deployments + FIXES [#4105](https://github.com/microsoft/Microsoft365DSC/issues/4105) + * SCDLPComplianceRule + * Fix type of AccessScope + FIXES [#3463](https://github.com/microsoft/Microsoft365DSC/issues/3463) + * TeamsTenantDialPlan + * FIXES [#3767](https://github.com/microsoft/Microsoft365DSC/issues/3767)' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false From 5eb0e1a105d7221bcd2be7d323ad79d511742d38 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 10 Jan 2024 14:21:10 -0500 Subject: [PATCH 4/4] Fixes --- .../MSFT_AADGroupOwnerConsentSettings.psm1 | 90 +++++-------------- .../1-Create.ps1 | 5 +- .../2-Update.ps1 | 4 +- 3 files changed, 27 insertions(+), 72 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupOwnerConsentSettings/MSFT_AADGroupOwnerConsentSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupOwnerConsentSettings/MSFT_AADGroupOwnerConsentSettings.psm1 index 507f857ec8..f28a7d0546 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupOwnerConsentSettings/MSFT_AADGroupOwnerConsentSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupOwnerConsentSettings/MSFT_AADGroupOwnerConsentSettings.psm1 @@ -77,7 +77,7 @@ function Get-TargetResource $getValue = $null $consentPolicySettingsTemplateId = Get-MSConsentPolicySettingsTemplateId - write-verbose "Get GroupSettings template with TemplateId $consentPolicySettingsTemplateId" + Write-Verbose -Message "Get GroupSettings template with TemplateId $consentPolicySettingsTemplateId" $templateSettings = Get-MgGroupSettingTemplateGroupSettingTemplate -GroupSettingTemplateId $consentPolicySettingsTemplateId $getValue = Get-MgGroupSetting -GroupSettingId $consentPolicySettingsTemplateId -ErrorAction SilentlyContinue @@ -97,9 +97,9 @@ function Get-TargetResource Write-Verbose -Message "UNEXPECTED: Could not find an Azure AD Group Consent Settings with DisplayName {$($templateSettings.DisplayName)}" # insert default values from template - $nullresult.EnableGroupSpecificConsent = $templateSettings.Values.Where({$_.Name -eq 'EnableGroupSpecificConsent' }).DefaultValue - $nullresult.BlockUserConsentForRiskyApps = $templateSettings.Values.Where({$_.Name -eq 'BlockUserConsentForRiskyApps'}).DefaultValue - $nullresult.EnableAdminConsentRequests = $templateSettings.Values.Where({$_.Name -eq 'EnableAdminConsentRequests' }).DefaultValue + $nullresult.EnableGroupSpecificConsent = [Boolean]($templateSettings.Values.Where({$_.Name -eq 'EnableGroupSpecificConsent' }).DefaultValue) + $nullresult.BlockUserConsentForRiskyApps = [Boolean]($templateSettings.Values.Where({$_.Name -eq 'BlockUserConsentForRiskyApps'}).DefaultValue) + $nullresult.EnableAdminConsentRequests = [Boolean]($templateSettings.Values.Where({$_.Name -eq 'EnableAdminConsentRequests' }).DefaultValue) $nullresult.ConstrainGroupSpecificConsentToMembersOfGroupName = $null return $nullResult } @@ -124,9 +124,9 @@ function Get-TargetResource $results = @{ IsSingleInstance = 'Yes' - EnableGroupSpecificConsent = $groupSettingsValues.EnableGroupSpecificConsent - BlockUserConsentForRiskyApps = $groupSettingsValues.BlockUserConsentForRiskyApps - EnableAdminConsentRequests = $groupSettingsValues.EnableAdminConsentRequests + EnableGroupSpecificConsent = [Boolean]$groupSettingsValues.EnableGroupSpecificConsent + BlockUserConsentForRiskyApps = [Boolean]$groupSettingsValues.BlockUserConsentForRiskyApps + EnableAdminConsentRequests = [Boolean]$groupSettingsValues.EnableAdminConsentRequests ConstrainGroupSpecificConsentToMembersOfGroupName = $constrainConsentToGroupName Ensure = 'Present' Credential = $Credential @@ -380,41 +380,11 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of the Azure AD Group Consent Settings with Id {$Id} and DisplayName {$DisplayName}" + Write-Verbose -Message "Testing configuration of the Azure AD Group Consent Settings" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) - { - Write-Verbose -Message "Test-TargetResource returned $false" - return $false - } - $testResult = $true - - #Compare Cim instances - foreach ($key in $PSBoundParameters.Keys) - { - $source = $PSBoundParameters.$key - $target = $CurrentValues.$key - if ($source.getType().Name -like '*CimInstance*') - { - $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - - $testResult = Compare-M365DSCComplexObject ` - -Source ($source) ` - -Target ($target) - - if (-Not $testResult) - { - $testResult = $false - break - } - - $ValuesToCheck.Remove($key) | Out-Null - } - } - $ValuesToCheck.remove('Id') | Out-Null $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null @@ -424,13 +394,10 @@ function Test-TargetResource Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - if ($testResult) - { - $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys - } + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys Write-Verbose -Message "Test-TargetResource returned $testResult" @@ -503,29 +470,20 @@ function Export-TargetResource } $results = Get-TargetResource @params - if ($results -is [System.Collections.Hashtable] -and $results.Count -gt 1) - { - Write-Host "`r`n" -NoNewline - Write-Host " |---[1/1] $($groupConsentSettingsTemplate.DisplayName)" -NoNewline - $results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $results - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $results ` - -Credential $Credential - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName - - Write-Host $Global:M365DSCEmojiGreenCheckMark - } - else - { - Write-Host $Global:M365DSCEmojiRedX - } + Write-Host "`r`n" -NoNewline + Write-Host " |---[1/1] $($groupConsentSettingsTemplate.DisplayName)" -NoNewline + $results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $results ` + -Credential $Credential + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark return $currentDSCBlock - } catch { diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 index 0b8f318d57..4154df76fb 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 @@ -24,12 +24,9 @@ Configuration Example Id = 'Legal Team' TargetType = 'group' } - MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Paralegals' - TargetType = 'group' - } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ + DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 index b57ce2441d..e5249bc9b3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 @@ -19,9 +19,9 @@ Configuration Example { Credential = $Credscredential; Ensure = "Present"; - ExcludeTargets = @( # Updated Property + ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Legal Team' + Id = 'Finance Team' # Updated Property TargetType = 'group' } );