diff --git a/CHANGELOG.md b/CHANGELOG.md index ccb904dc54..d27d2f8385 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* AADConditionalAccessPolicy + * Changed the InsiderRiskTypes property to a string array. + # 1.25.129.3 * EXOMigrationEndpoint diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 331a56ecc3..ca02585337 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -225,7 +225,7 @@ function Get-TargetResource [Parameter()] [ValidateSet('minor', 'moderate', 'elevated', 'unknownFutureValue')] - [System.String] + [System.String[]] $InsiderRiskLevels, #generic @@ -649,6 +649,12 @@ function Get-TargetResource } } + $InsiderRiskLevelsValue = $null + if (-not [System.String]::IsNullOrEmpty($Policy.Conditions.InsiderRiskLevels)) + { + $InsiderRiskLevelsValue = $Policy.Conditions.InsiderRiskLevels.Split(',') + } + $result = @{ DisplayName = $Policy.DisplayName Id = $Policy.Id @@ -727,7 +733,7 @@ function Get-TargetResource TransferMethods = [System.String]$Policy.Conditions.AuthenticationFlows.TransferMethods #Standard part TermsOfUse = $termOfUseName - InsiderRiskLevels = $Policy.Conditions.InsiderRiskLevels + InsiderRiskLevels = $InsiderRiskLevelsValue Ensure = 'Present' Credential = $Credential ApplicationSecret = $ApplicationSecret @@ -968,7 +974,7 @@ function Set-TargetResource [Parameter()] [ValidateSet('minor', 'moderate', 'elevated', 'unknownFutureValue')] - [System.String] + [System.String[]] $InsiderRiskLevels, #generic @@ -1687,7 +1693,7 @@ function Set-TargetResource if ([String]::IsNullOrEmpty($InsiderRiskLevels) -eq $false) { - $conditions.Add('insiderRiskLevels', $InsiderRiskLevels) + $conditions.Add('insiderRiskLevels', $($InsiderRiskLevels -join ',')) } Write-Verbose -Message 'Set-Targetresource: process risk levels and app types' @@ -2165,7 +2171,7 @@ function Test-TargetResource [Parameter()] [ValidateSet('minor', 'moderate', 'elevated', 'unknownFutureValue')] - [System.String] + [System.String[]] $InsiderRiskLevels, #generic diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof index 556ec8f895..339c98e9b3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof @@ -51,7 +51,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource [Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength; [Write, Description("Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.")] String TransferMethods; [Write, Description("Authentication context class references.")] String AuthenticationContexts[]; - [Write, Description("Insider risk levels conditions."), ValueMap{"minor", "moderate", "elevated", "unknownFutureValue"}, Values{"minor", "moderate", "elevated", "unknownFutureValue"}] String InsiderRiskLevels; + [Write, Description("Insider risk levels conditions."), ValueMap{"minor", "moderate", "elevated", "unknownFutureValue"}, Values{"minor", "moderate", "elevated", "unknownFutureValue"}] String InsiderRiskLevels[]; [Write, Description("Specify if the Azure AD CA Policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index 49e066acc4..7dd7765973 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -3126,7 +3126,7 @@ function Export-TargetResource $Results.Remove('CompliantAppsList') | Out-Null } } - if ($Results.MediaContentRatingAustralia) + if ($Results.MediaContentRatingAustralia.Count -gt 0) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.MediaContentRatingAustralia -CIMInstanceName MicrosoftGraphmediacontentratingaustralia if ($complexTypeStringResult) @@ -3138,7 +3138,11 @@ function Export-TargetResource $Results.Remove('MediaContentRatingAustralia') | Out-Null } } - if ($Results.MediaContentRatingCanada) + else + { + $Results.Remove('MediaContentRatingAustralia') | Out-Null + } + if ($Results.MediaContentRatingCanada.Count -gt 0) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.MediaContentRatingCanada -CIMInstanceName MicrosoftGraphmediacontentratingcanada if ($complexTypeStringResult) @@ -3150,7 +3154,11 @@ function Export-TargetResource $Results.Remove('MediaContentRatingCanada') | Out-Null } } - if ($Results.MediaContentRatingFrance) + else + { + $Results.Remove('MediaContentRatingCanada') | Out-Null + } + if ($Results.MediaContentRatingFrance.Count -gt 0) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.MediaContentRatingFrance -CIMInstanceName MicrosoftGraphmediacontentratingfrance if ($complexTypeStringResult) @@ -3162,7 +3170,11 @@ function Export-TargetResource $Results.Remove('MediaContentRatingFrance') | Out-Null } } - if ($Results.MediaContentRatingGermany) + else + { + $Results.Remove('MediaContentRatingFrance') | Out-Null + } + if ($Results.MediaContentRatingGermany.Count -gt 0) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.MediaContentRatingGermany -CIMInstanceName MicrosoftGraphmediacontentratinggermany if ($complexTypeStringResult) @@ -3174,7 +3186,11 @@ function Export-TargetResource $Results.Remove('MediaContentRatingGermany') | Out-Null } } - if ($Results.MediaContentRatingIreland) + else + { + $Results.Remove('MediaContentRatingGermany') | Out-Null + } + if ($Results.MediaContentRatingIreland.Count -gt 0) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.MediaContentRatingIreland -CIMInstanceName MicrosoftGraphmediacontentratingireland if ($complexTypeStringResult) @@ -3186,7 +3202,11 @@ function Export-TargetResource $Results.Remove('MediaContentRatingIreland') | Out-Null } } - if ($Results.MediaContentRatingJapan) + else + { + $Results.Remove('MediaContentRatingIreland') | Out-Null + } + if ($Results.MediaContentRatingJapan.Count -gt 0) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.MediaContentRatingJapan -CIMInstanceName MicrosoftGraphmediacontentratingjapan if ($complexTypeStringResult) @@ -3198,7 +3218,11 @@ function Export-TargetResource $Results.Remove('MediaContentRatingJapan') | Out-Null } } - if ($Results.MediaContentRatingNewZealand) + else + { + $Results.Remove('MediaContentRatingJapan') | Out-Null + } + if ($Results.MediaContentRatingNewZealand.Count -gt 0) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.MediaContentRatingNewZealand -CIMInstanceName MicrosoftGraphmediacontentratingnewzealand if ($complexTypeStringResult) @@ -3210,7 +3234,11 @@ function Export-TargetResource $Results.Remove('MediaContentRatingNewZealand') | Out-Null } } - if ($Results.MediaContentRatingUnitedKingdom) + else + { + $Results.Remove('MediaContentRatingNewZealand') | Out-Null + } + if ($Results.MediaContentRatingUnitedKingdom.Count -gt 0) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.MediaContentRatingUnitedKingdom -CIMInstanceName MicrosoftGraphmediacontentratingunitedkingdom if ($complexTypeStringResult) @@ -3222,7 +3250,11 @@ function Export-TargetResource $Results.Remove('MediaContentRatingUnitedKingdom') | Out-Null } } - if ($Results.MediaContentRatingUnitedStates) + else + { + $Results.Remove('MediaContentRatingUnitedKingdom') | Out-Null + } + if ($Results.MediaContentRatingUnitedStates.Count -gt 0) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.MediaContentRatingUnitedStates -CIMInstanceName MicrosoftGraphmediacontentratingunitedstates if ($complexTypeStringResult) @@ -3234,6 +3266,10 @@ function Export-TargetResource $Results.Remove('MediaContentRatingUnitedStates') | Out-Null } } + else + { + $Results.Remove('MediaContentRatingUnitedStates') | Out-Null + } if ($Results.NetworkUsageRules) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.NetworkUsageRules -CIMInstanceName MicrosoftGraphiosnetworkusagerule