Merge pull request #5708 from microsoft/Dev

Release 1.25.129.3

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change log for Microsoft365DSC
 
+# 1.25.129.3
+
+* EXOMigrationEndpoint
+  * Added support for EntpointType value of ExchangeRemoteMove.
+* M365DSCRuleEvaluation
+  * Changed logic to evaluate cases where the rule results in no results.
+* SPDLPComplianceRule
+  * Fix for the SensitiveInfoType ID cleaning logic in Get-TargetResource.
+* DEPENDENCIES
+  * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.205.
+  * Updated MicrosoftTeams to version 6.8.0.
+  * Updated MSCloudLoginAssistant to version 1.1.35.
+
 # 1.25.129.2
 
 * M365DSCRuleEvaluation

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMigrationEndpoint/MSFT_EXOMigrationEndpoint.psm1

@@ -25,7 +25,7 @@ function Get-TargetResource
         $Authentication,
 
         [Parameter()]
-        [ValidateSet('IMAP')]
+        [ValidateSet('IMAP', 'ExchangeRemoteMove')]
         [System.String]
         $EndpointType,
 
@@ -208,7 +208,7 @@ function Set-TargetResource
         $Authentication,
 
         [Parameter()]
-        [ValidateSet('IMAP')]
+        [ValidateSet('IMAP', 'ExchangeRemoteMove')]
         [System.String]
         $EndpointType,
 
@@ -305,14 +305,14 @@ function Set-TargetResource
 
     $currentInstance = Get-TargetResource @PSBoundParameters
 
-    $setParams = [System.Collections.Hashtable]($PSBoundParameters)
+    $setParams = ([Hashtable]$PSBoundParameters).Clone()
     $setParams = Remove-M365DSCAuthenticationParameter -BoundParameters $setParams
     $setParams.Remove('RemoteTenant')
     $setParams.Remove('EndpointType')
     $setParams.Remove('UseAutoDiscover')
     $setParams.Add('Confirm', $false)
 
-    $newParams = [System.Collections.Hashtable]($PSBoundParameters)
+    $newParams = ([Hashtable]$PSBoundParameters).Clone()
     $newParams = Remove-M365DSCAuthenticationParameter -BoundParameters $newParams
     $newParams.Remove('EndpointType')
     $newParams.Remove('Identity')
@@ -332,22 +332,40 @@ function Set-TargetResource
 
         $newParams.Add('IMAP', [Switch]$true)
     }
+    elseif ($EndpointType -eq 'ExchangeRemoteMove')
+    {
+        # Removing mailbox permission parameter as this is valid only for outlook anywhere migration
+        $setParams.Remove('MailboxPermission') | Out-Null
+        $newParams.Remove('MailboxPermission') | Out-Null
+        $newParams.Remove("AcceptUntrustedCertificates") | Out-Null
+        $setParams.Remove("AcceptUntrustedCertificates") | Out-Null
+
+        # adding skip verification switch to skip verifying
+        # that the remote server is reachable when creating a migration endpoint.
+        $setParams.Add('SkipVerification', [Switch]$true)
+        $newParams.Add('SkipVerification', [Switch]$true)
+
+        $newParams.Add('ExchangeRemoteMove', [Switch]$true)
+    }
 
     # add the logic for other endpoint types ('Exchange Remote', 'Outlook Anywhere', 'Google Workspace')
 
     # CREATE
     if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
     {
+        Write-Verbose -Message "Creating new migration endpoint with parameters:`r`n$(ConvertTo-Json $newParams -Depth 10)"
         New-MigrationEndpoint @newParams
     }
     # UPDATE
     elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
     {
+        Write-Verbose -Message "Updating migration endpoint with parameters:`r`n$(ConvertTo-Json $setParams -Depth 10)"
         Set-MigrationEndpoint @setParams
     }
     # REMOVE
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
     {
+        Write-Verbose -Message "Removing migration endpoint with id {$Identity}"
         Remove-MigrationEndpoint -Identity $Identity
     }
 }
@@ -379,7 +397,7 @@ function Test-TargetResource
         $Authentication,
 
         [Parameter()]
-        [ValidateSet('IMAP')]
+        [ValidateSet('IMAP', 'ExchangeRemoteMove')]
         [System.String]
         $EndpointType,
 

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMigrationEndpoint/MSFT_EXOMigrationEndpoint.schema.mof

@@ -6,7 +6,7 @@ class MSFT_EXOMigrationEndpoint : OMI_BaseResource
     [Write, Description("The Application ID used for authentication.")] String AppID;
     [Write, Description("The URL of the Key Vault that stores the application secret.")] String AppSecretKeyVaultUrl;
     [Write, Description("The authentication method for the migration endpoint.")] String Authentication;
-    [Write, Description("The type of migration endpoint."), ValueMap{"IMAP"}, Values{"IMAP"}] String EndpointType;
+    [Write, Description("The type of migration endpoint."), ValueMap{"IMAP", "ExchangeRemoteMove"}, Values{"IMAP", "ExchangeRemoteMove"}] String EndpointType;
     [Write, Description("The Exchange Server address for the migration endpoint.")] String ExchangeServer;
     [Write, Description("The mailbox permission for the migration endpoint.")] String MailboxPermission;
     [Write, Description("The maximum number of concurrent incremental syncs.")] String MaxConcurrentIncrementalSyncs;

Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1

@@ -252,86 +252,81 @@ function Test-TargetResource
         [void]$message.AppendLine("  <ResourceName>$ResourceTypeName</ResourceName>")
         [void]$message.AppendLine("  <RuleDefinition>$RuleDefinition</RuleDefinition>")
 
-        if ($instances.Length -eq 0)
+        if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery))
         {
-            [array]$invalidInstances = $DSCConvertedInstances.ResourceInstanceName
-            [void]$message.AppendLine('  <AfterRuleCount></AfterRuleCount>')
-            [void]$message.AppendLine('  <Match></Match>')
-        }
-        else
-        {
-            if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery))
-            {
-                [void]$message.AppendLine('  <AfterRuleCount>')
-                [void]$message.AppendLine("    <Query>$AfterRuleCountQuery</Query>")
+            [void]$message.AppendLine('  <AfterRuleCount>')
+            [void]$message.AppendLine("    <Query>$AfterRuleCountQuery</Query>")
 
-                Write-Verbose -Message 'Checking the After Rule Count Query'
-                $afterRuleCountQueryString = "`$instances.Length $AfterRuleCountQuery"
-                $afterRuleCountQueryBlock = [Scriptblock]::Create($afterRuleCountQueryString)
-                $result = [Boolean](Invoke-Command -ScriptBlock $afterRuleCountQueryBlock)
-                [array]$validInstances = $instances.ResourceInstanceName
-                [array]$invalidInstances = $DSCConvertedInstances.ResourceInstanceName | Where-Object -FilterScript { $_ -notin $validInstances }
+            Write-Verbose -Message 'Checking the After Rule Count Query'
+            $afterRuleCountQueryString = "`$instances.Length $AfterRuleCountQuery"
+            $afterRuleCountQueryBlock = [Scriptblock]::Create($afterRuleCountQueryString)
+            $result = [Boolean](Invoke-Command -ScriptBlock $afterRuleCountQueryBlock)
+            [array]$validInstances = $instances.ResourceInstanceName
+            [array]$invalidInstances = $DSCConvertedInstances.ResourceInstanceName | Where-Object -FilterScript { $_ -notin $validInstances }
 
-                if (-not $result)
-                {
-                    [void]$message.AppendLine('    <MetQuery>False</MetQuery>')
-                    [void]$message.AppendLine('  </AfterRuleCount>')
-                    if ($validInstances.Count -gt 0)
-                    {
-                        [void]$message.AppendLine('  <Match>')
-                        foreach ($validInstance in $validInstances)
-                        {
-                            [void]$message.AppendLine("    <ResourceInstanceName>[$ResourceTypeName]$validInstance</ResourceInstanceName>")
-                        }
-                        [void]$message.AppendLine('  </Match>')
-                    }
-                    else
-                    {
-                        [void]$message.AppendLine('  <Match></Match>')
-                    }
-                }
-                else
+            if (-not $result)
+            {
+                [void]$message.AppendLine('    <MetQuery>False</MetQuery>')
+                [void]$message.AppendLine('  </AfterRuleCount>')
+                if ($validInstances.Count -gt 0)
                 {
-                    [void]$message.AppendLine('    <MetQuery>True</MetQuery>')
-                    [void]$message.AppendLine('  </AfterRuleCount>')
                     [void]$message.AppendLine('  <Match>')
                     foreach ($validInstance in $validInstances)
                     {
                         [void]$message.AppendLine("    <ResourceInstanceName>[$ResourceTypeName]$validInstance</ResourceInstanceName>")
                     }
                     [void]$message.AppendLine('  </Match>')
                 }
+                else
+                {
+                    [void]$message.AppendLine('  <Match></Match>')
+                }
             }
             else
             {
-                [void]$message.AppendLine('  <AfterRuleCount></AfterRuleCount>')
-
-                $compareInstances = @()
-                $compareInstances += Compare-Object -ReferenceObject $DSCConvertedInstances.ResourceInstanceName -DifferenceObject $instances.ResourceInstanceName -IncludeEqual
-                if ($compareInstances.Count -gt 0)
+                [void]$message.AppendLine('    <MetQuery>True</MetQuery>')
+                [void]$message.AppendLine('  </AfterRuleCount>')
+                [void]$message.AppendLine('  <Match>')
+                foreach ($validInstance in $validInstances)
                 {
-                    [array]$validInstances = $($compareInstances | Where-Object -FilterScript { $_.SideIndicator -eq '==' }).InputObject
-                    [array]$invalidInstances = $($compareInstances | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject
-                }
-                else
-                {
-                    [array]$validInstances = @()
-                    [array]$invalidInstances = [array]$DSCConvertedInstances.ResourceInstanceName
+                    [void]$message.AppendLine("    <ResourceInstanceName>[$ResourceTypeName]$validInstance</ResourceInstanceName>")
                 }
+                [void]$message.AppendLine('  </Match>')
+            }
+        }
+        else
+        {
+            [void]$message.AppendLine('  <AfterRuleCount></AfterRuleCount>')
 
-                if ($validInstances.Count -gt 0)
-                {
-                    [void]$message.AppendLine('  <Match>')
-                    foreach ($validInstance in $validInstances)
-                    {
-                        [void]$message.AppendLine("    <ResourceInstanceName>[$ResourceTypeName]$validInstance</ResourceInstanceName>")
-                    }
-                    [void]$message.AppendLine('  </Match>')
-                }
-                else
+            $compareInstances = @()
+            if ($DSCConvertedInstances.Length -gt 0)
+            {
+                $compareInstances += Compare-Object -ReferenceObject $DSCConvertedInstances.ResourceInstanceName -DifferenceObject $instances.ResourceInstanceName -IncludeEqual
+            }
+
+            if ($compareInstances.Count -gt 0)
+            {
+                [array]$validInstances = $($compareInstances | Where-Object -FilterScript { $_.SideIndicator -eq '==' }).InputObject
+                [array]$invalidInstances = $($compareInstances | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject
+            }
+            else
+            {
+                [array]$validInstances = @()
+                [array]$invalidInstances = [array]$DSCConvertedInstances.ResourceInstanceName
+            }
+
+            if ($validInstances.Count -gt 0)
+            {
+                [void]$message.AppendLine('  <Match>')
+                foreach ($validInstance in $validInstances)
                 {
-                    [void]$message.AppendLine('  <Match></Match>')
+                    [void]$message.AppendLine("    <ResourceInstanceName>[$ResourceTypeName]$validInstance</ResourceInstanceName>")
                 }
+                [void]$message.AppendLine('  </Match>')
+            }
+            else
+            {
+                [void]$message.AppendLine('  <Match></Match>')
             }
         }
 

Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1

@@ -408,7 +408,14 @@ function Get-TargetResource
                 }
                 elseif ($null -ne $ruleObject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes)
                 {
-                    $ruleobject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes = @($ruleobject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes | Select-Object * -ExcludeProperty Id)
+                    $sensitiveTypesValue = $ruleobject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes
+                    foreach ($stype in $sensitiveTypesValue)
+                    {
+                        if ($null -ne $stype.Id)
+                        {
+                            $stype.Id = $null
+                        }
+                    }
                 }
             }
 
@@ -924,7 +931,7 @@ function Set-TargetResource
         $CreationParams.Remove('AccessTokens') | Out-Null
 
         Write-Verbose -Message "Calling New-DLPComplianceRule with Values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)"
-        New-DLPComplianceRule @CreationParams
+        New-DLPComplianceRule @CreationParams -Confirm:$false
     }
     elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentRule.Ensure))
     {
@@ -991,7 +998,7 @@ function Set-TargetResource
         $UpdateParams.Remove('AccessTokens') | Out-Null
 
         Write-Verbose "Updating Rule with values: $(Convert-M365DscHashtableToString -Hashtable $UpdateParams)"
-        Set-DLPComplianceRule @UpdateParams
+        Set-DLPComplianceRule @UpdateParams -Confirm:$false
     }
     elseif (('Absent' -eq $Ensure) -and ('Present' -eq $CurrentRule.Ensure))
     {

Modules/Microsoft365DSC/Dependencies/Manifest.psd1

@@ -114,15 +114,15 @@
         },
         @{
             ModuleName      = 'Microsoft.PowerApps.Administration.PowerShell'
-            RequiredVersion = '2.0.203'
+            RequiredVersion = '2.0.205'
         },
         @{
             ModuleName      = 'MicrosoftTeams'
-            RequiredVersion = '6.7.0'
+            RequiredVersion = '6.8.0'
         },
         @{
             ModuleName      = "MSCloudLoginAssistant"
-            RequiredVersion = "1.1.34"
+            RequiredVersion = "1.1.35"
         },
         @{
             ModuleName      = 'PnP.PowerShell'

Modules/Microsoft365DSC/Microsoft365DSC.psd1

@@ -3,15 +3,15 @@
 #
 # Generated by: Microsoft Corporation
 #
-# Generated on: 2025-01-29
+# Generated on: 2025-01-31
 
 @{
 
   # Script module or binary module file associated with this manifest.
   # RootModule = ''
 
   # Version number of this module.
-  ModuleVersion     = '1.25.129.2'
+  ModuleVersion     = '1.25.129.3'
 
   # Supported PSEditions
   # CompatiblePSEditions = @()
@@ -147,13 +147,16 @@
       IconUri      = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true'
 
       # ReleaseNotes of this module
-      ReleaseNotes = '* M365DSCRuleEvaluation
-  * Only provide the ManagedIdentity parameter for resources which supports it.
-* SCDLPComplianceRule
-  * Added the comments property on creation.
-* SCPolicyConfig
-  * Changed parsing logic to account for $null or missing properties in the
-    API response.'
+      ReleaseNotes = '* EXOMigrationEndpoint
+  * Added support for EntpointType value of ExchangeRemoteMove.
+* M365DSCRuleEvaluation
+  * Changed logic to evaluate cases where the rule results in no results.
+* SPDLPComplianceRule
+  * Fix for the SensitiveInfoType ID cleaning logic in Get-TargetResource.
+* DEPENDENCIES
+  * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.205.
+  * Updated MicrosoftTeams to version 6.8.0.
+  * Updated MSCloudLoginAssistant to version 1.1.35.'
 
       # Flag to indicate whether the module requires explicit user acceptance for install/update
       # RequireLicenseAcceptance = $false