Changed key from id to upn
ritikmit committed Oct 4, 2024
1 parent 854869d commit 62dcb23
Showing 5 changed files with 27 additions and 22 deletions.
@@ -11,7 +11,7 @@ function Get-TargetResource

[Parameter(Mandatory = $true)]
[System.String]
$Id,
$UserPrincipalName,

[Parameter()]
[System.Management.Automation.PSCredential]
@@ -62,20 +62,20 @@ function Get-TargetResource
$nullResult = $PSBoundParameters

$getValue = $null
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$Id/authentication/requirements"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements"
$getValue = Invoke-MgGraphRequest -Method Get -Uri $url

if ($null -eq $getValue)
{
Write-Verbose -Message "Could not find an Azure AD Authentication Requirement for user with id {$Id}"
Write-Verbose -Message "Could not find an Azure AD Authentication Requirement for user with UPN {$UserPrincipalName}"
return $nullResult
}

Write-Verbose -Message "An Azure AD Authentication Method Policy Requirement for a user with Id {$Id} was found."
Write-Verbose -Message "An Azure AD Authentication Method Policy Requirement for a user with UPN {$UserPrincipalName} was found."

$results = @{
PerUserMfaState = $getValue.perUserMfaState
Id = $Id
UserPrincipalName = $UserPrincipalName
Credential = $Credential
ApplicationId = $ApplicationId
TenantId = $TenantId
@@ -111,7 +111,7 @@ function Set-TargetResource

[Parameter(Mandatory = $true)]
[System.String]
$Id,
$UserPrincipalName,

[Parameter()]
[System.Management.Automation.PSCredential]
@@ -155,13 +155,14 @@ function Set-TargetResource
#endregion

$currentInstance = Get-TargetResource @PSBoundParameters
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$Id/authentication/requirements"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements"

$params = @{}
if ($PerUserMfaState -eq 'enabled' -and $currentInstance.PerUserMfaState -eq 'disabled')
{
$params = @{
"perUserMfaState" = "enabled"
}
}
elseif ($PerUserMfaState -eq 'disabled' -and $currentInstance.PerUserMfaState -eq 'enabled')
{
@@ -188,7 +189,7 @@ function Test-TargetResource

[Parameter(Mandatory = $true)]
[System.String]
$Id,
$UserPrincipalName,

[Parameter()]
[System.Management.Automation.PSCredential]
@@ -231,7 +232,7 @@ function Test-TargetResource
Add-M365DSCTelemetryEvent -Data $data
#endregion

Write-Verbose -Message "Testing configuration of the Azure AD Authentication Requirement for a user with Id {$Id}"
Write-Verbose -Message "Testing configuration of the Azure AD Authentication Requirement for a user with UPN {$UserPrincipalName}"

$CurrentValues = Get-TargetResource @PSBoundParameters
$ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()
@@ -336,7 +337,7 @@ function Export-TargetResource

Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline
$params = @{
Id = $config.Id
UserPrincipalName = $config.UserPrincipalName
Credential = $Credential
ApplicationId = $ApplicationId
TenantId = $TenantId
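Review bot: `$UserPrincipalName` is interpolated unescaped into the request path in Get-TargetResource (`"beta/users/$UserPrincipalName/authentication/requirements"`) and again in Set-TargetResource. A UPN can legitimately contain characters that are significant in a URL (guest accounts carry `#EXT#`, and everything after `#` is parsed as a fragment), so the request can fail or address a different path than intended; a value containing `/` or `?` would likewise change the request target. Encode the segment before building the URL, e.g. `$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$([System.Uri]::EscapeDataString($UserPrincipalName))/authentication/requirements"`. Separately, a UPN is mutable where the object id was not, so a rename or reassignment changes which account's per-user MFA state this resource reads and sets; that is worth stating in the resource documentation. Both function bodies continue outside the visible hunks.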
@@ -2,7 +2,7 @@
class MSFT_AADAuthenticationRequirement : OMI_BaseResource
{
[Write, Description("The state of the MFA enablement for the user. Possible values are: enabled, disabled."), ValueMap{"enabled","disabled"}, Values{"enabled","disabled"}] String PerUserMfaState;
[Key, Description("The unique identifier for an entity. Read-only.")] String Id;
[Key, Description("The unique identifier for an entity. Read-only.")] String UserPrincipalName;

[Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
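Review bot: The key's description was not updated with the rename: `UserPrincipalName` still carries the old `Id` text, "The unique identifier for an entity. Read-only.". Anyone reading the schema or the generated documentation will not learn that the resource is now addressed by UPN. Suggest `[Key, Description("The user principal name (UPN) of the user whose authentication requirement is managed.")] String UserPrincipalName;`. The class body continues outside the hunk.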
@@ -22,13 +22,13 @@ Configuration Example

Node localhost
{
AADAuthenticationRequirement "AADAuthenticationRequirement-98ceffcc-7c54-4227-8844-835af5a023ce"
AADAuthenticationRequirement "AADAuthenticationRequirement-[email protected]"
{
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
Id = "98ceffcc-7c54-4227-8844-835af5a023ce"
PerUserMfaState = "disabled"
PerUserMfaState = "disabled";
UserPrincipalName = "TestMailbox109@$OrganizationName";
}
}
}
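--- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1
+++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1
@@ -3825,6 +3825,10 @@ function Get-M365DSCExportContentForResource
 {
 $primaryKey = $Results.DomainName
 }
+elseif ($Keys.Contains('UserPrincipalName'))
+{
+$primaryKey = $Results.UserPrincipalName
+}
 
 if ([String]::IsNullOrEmpty($primaryKey) -and `
 -not $Keys.Contains('IsSingleInstance'))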
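Review bot: The new `elseif ($Keys.Contains('UserPrincipalName'))` branch sits in a shared export helper, so it applies to every resource whose key set includes `UserPrincipalName`, not only the resource this commit renames, and no comment records that. It is reached only when the earlier branches of the chain did not match, and those start outside the hunk, so the precedence cannot be checked from here. Suggest a comment above the branch such as `# Fallback for resources keyed on UserPrincipalName (e.g. AADAuthenticationRequirement)`. It would also be worth confirming that no other resource's exported instance name changes as a side effect.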
@@ -45,14 +45,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
Context -Name "The instance exists and values are already in the desired state" -Fixture {
BeforeAll {
$testParams = @{
Id = "98ceffcc-7c54-4227-8844-835af5a023ce"
UserPrincipalName = "[email protected]"
PerUserMfaState = 'Enabled'
Credential = $Credential;
}

Mock -CommandName Invoke-MgGraphRequest -MockWith {
return @{
Id = "98ceffcc-7c54-4227-8844-835af5a023ce"
UserPrincipalName = "[email protected]"
PerUserMfaState = 'Enabled'
Credential = $Credential;
}
@@ -67,14 +67,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
Context -Name "The instance exists and values are NOT in the desired state - Enable" -Fixture {
BeforeAll {
$testParams = @{
Id = "98ceffcc-7c54-4227-8844-835af5a023ce"
UserPrincipalName = "[email protected]"
PerUserMfaState = 'Enabled'
Credential = $Credential;
}

Mock -CommandName Invoke-MgGraphRequest -MockWith {
return @{
Id = "98ceffcc-7c54-4227-8844-835af5a023ce"
UserPrincipalName = "[email protected]"
PerUserMfaState = 'Disabled'
Credential = $Credential;
}
@@ -98,14 +98,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
Context -Name "The instance exists and values are NOT in the desired state - Disable" -Fixture {
BeforeAll {
$testParams = @{
Id = "98ceffcc-7c54-4227-8844-835af5a023ce"
UserPrincipalName = "[email protected]"
PerUserMfaState = 'Disabled'
Credential = $Credential;
}

Mock -CommandName Invoke-MgGraphRequest -MockWith {
return @{
Id = "98ceffcc-7c54-4227-8844-835af5a023ce"
UserPrincipalName = "[email protected]"
PerUserMfaState = 'Enabled'
Credential = $Credential;
}
@@ -136,15 +136,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {

Mock -CommandName Invoke-MgGraphRequest -MockWith {
return @{
Id = "98ceffcc-7c54-4227-8844-835af5a023ce"
UserPrincipalName = "[email protected]"
PerUserMfaState = 'Enabled'
Credential = $Credential;
}
}

Mock -CommandName Get-MgUser -MockWith {
return @{
Id = "98ceffcc-7c54-4227-8844-835af5a023ce"
UserPrincipalName = "[email protected]"
Credential = $Credential;
}
}
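Review bot: None of the visible contexts asserts the URI that `Invoke-MgGraphRequest` is called with, so the switch from `users/$Id` to `users/$UserPrincipalName` in the resource is not exercised here; the mocks return the same hashtable whatever is requested. Add an assertion such as `Should -Invoke -CommandName Invoke-MgGraphRequest -ParameterFilter { $Uri -like "*/users/$($testParams.UserPrincipalName)/authentication/requirements" }`. A context whose UPN contains `#` would also pin how the path segment is encoded. The `It` blocks are outside the visible hunks, so part of this may already be covered there.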
