diff --git a/.github/workflows/Global - Integration - AAD.yml b/.github/workflows/Global - Integration - AAD.yml index 22cbe9fb0d..7f681f74d9 100644 --- a/.github/workflows/Global - Integration - AAD.yml +++ b/.github/workflows/Global - Integration - AAD.yml @@ -86,3 +86,120 @@ jobs: { Write-Host "All resources in the Tenant are in the Desired State" } + - name: Generate {Update} Integration Tests from Examples + shell: powershell + run: | + Import-Module './Tests/Integration/M365DSCTestEngine.psm1' + New-M365DSCIntegrationTest -Workload AAD -Step '2-Update' + - name: Commit {Update} Integration Tests + shell: powershell + run: | + git config --local user.email "nicharl@microsoft.com" + git config --local user.name "NikCharlebois" + git add D:/a/Microsoft365DSC/Microsoft365DSC/Tests/Integration/* + git pull + git commit -m "Updated {Update} AAD Integration Tests" + git push + $SHA = git rev-parse HEAD + echo "commitid=$SHA" >> $env:GITHUB_OUTPUT + - name: Run {Update} Integration Tests + shell: powershell + env: + INTEGRATION_USERNAME: ${{ secrets.INTEGRATION_USERNAME }} + INTEGRATION_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }} + run: | + $CredPassword = ConvertTo-SecureString $env:INTEGRATION_PASSWORD -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ($env:INTEGRATION_USERNAME, $CredPassword) + try + { + & .\Tests\Integration\Microsoft365DSC\M365DSCIntegration.AAD.Update.Tests.ps1 -Credential $Credential + } + catch + { + throw $_ + } + + try + { + $Result = Test-DSCConfiguration -Detailed -Verbose -ErrorAction Stop + } + catch + { + throw $_ + } + + Write-Host "" + + if ($Result.InDesiredState -eq $false) + { + Write-Host -Message "Resources below are not in the Desired State:" + foreach ($Resource in $Result.ResourcesNotInDesiredState) + { + Write-Host $Resource.InstanceName + } + + throw "Could not validate that the Tenant is in the Desired State" + } + else + { + Write-Host "All resources in the Tenant are in the Desired State" + } + - name: Generate {Remove} Integration Tests from Examples + shell: powershell + run: | + Import-Module './Tests/Integration/M365DSCTestEngine.psm1' + New-M365DSCIntegrationTest -Workload AAD -Step '3-Remove' + - name: Commit {Remove} Integration Tests + shell: powershell + run: | + git config --local user.email "nicharl@microsoft.com" + git config --local user.name "NikCharlebois" + git add D:/a/Microsoft365DSC/Microsoft365DSC/Tests/Integration/* + git pull + git commit -m "Updated {Update} AAD Integration Tests" + git push + $SHA = git rev-parse HEAD + echo "commitid=$SHA" >> $env:GITHUB_OUTPUT + - name: Run {Remove} Integration Tests + shell: powershell + env: + INTEGRATION_USERNAME: ${{ secrets.INTEGRATION_USERNAME }} + INTEGRATION_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }} + run: | + $CredPassword = ConvertTo-SecureString $env:INTEGRATION_PASSWORD -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ($env:INTEGRATION_USERNAME, $CredPassword) + try + { + & .\Tests\Integration\Microsoft365DSC\M365DSCIntegration.AAD.Remove.Tests.ps1 -Credential $Credential + } + catch + { + throw $_ + } + + try + { + $Result = Test-DSCConfiguration -Detailed -Verbose -ErrorAction Stop + } + catch + { + throw $_ + } + + Write-Host "" + + if ($Result.InDesiredState -eq $false) + { + Write-Host -Message "Resources below are not in the Desired State:" + foreach ($Resource in $Result.ResourcesNotInDesiredState) + { + Write-Host $Resource.InstanceName + } + + throw "Could not validate that the Tenant is in the Desired State" + } + else + { + Write-Host "All resources in the Tenant are in the Desired State" + } + diff --git a/CHANGELOG.md b/CHANGELOG.md index e9ed2a94b1..80c14b376f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,31 @@ # Change log for Microsoft365DSC +# 1.24.110.1 + +* AADAdministrativeUnit + * Fix the Update logic flow to get around a bug in Microsoft.Graph 2.11.1. +* AADAuthenticationMethodPolicyX509 + * Added support for the property for include targets +* AADConditionalAccessPolicy + * Added support for application filters in the conditions. + * Implement Fix #3885. Manage Exclude Application. + FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] +* EXOHostedContentFilterPolicy + * Fix issue on parameters AllowedSenders, AllowedSenderDomains, BlockedSenders, + BlockSenderDomains if desired state is empty but current state is not empty. + FIXES[#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124) +* EXOMailContact + * Added support for Custom Attributes and Extension Custom Attributes. +* IntuneDeviceConfigurationPolicyMacOS + * Fix workaround added on PR #4099 in order to be able to use this resource + for deployments + FIXES [#4105](https://github.com/microsoft/Microsoft365DSC/issues/4105) +* SCDLPComplianceRule + * Fix type of AccessScope + FIXES [#3463](https://github.com/microsoft/Microsoft365DSC/issues/3463) +* TeamsTenantDialPlan + * FIXES [#3767](https://github.com/microsoft/Microsoft365DSC/issues/3767) + # 1.24.103.1 * AADConditionalAccessPolicy @@ -45,6 +71,9 @@ * EXOMailboxCalendarFolder * Add support for non-English calendar folder names during export FIXES [#4056](https://github.com/microsoft/Microsoft365DSC/issues/4056) +* EXOMailboxPermission + * Ignore SendAs permissions during export + FIXES [#3942](https://github.com/microsoft/Microsoft365DSC/issues/3942) * EXOTransportRule * Fix export of enabled state FIXES [#3932](https://github.com/microsoft/Microsoft365DSC/issues/3932) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 075738fae6..09092a8b7b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -170,17 +170,17 @@ function Get-TargetResource #endregion } - if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.MembershipType)) + if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.membershipType)) { - $results.Add('MembershipType', $getValue.AdditionalProperties.MembershipType) + $results.Add('MembershipType', $getValue.AdditionalProperties.membershipType) } - if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.MembershipRule)) + if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.membershipRule)) { - $results.Add('MembershipRule', $getValue.AdditionalProperties.MembershipRule) + $results.Add('MembershipRule', $getValue.AdditionalProperties.membershipRule) } - if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.MembershipRuleProcessingState)) + if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.membershipRuleProcessingState)) { - $results.Add('MembershipRuleProcessingState', $getValue.AdditionalProperties.MembershipRuleProcessingState) + $results.Add('MembershipRuleProcessingState', $getValue.AdditionalProperties.membershipRuleProcessingState) } Write-Verbose -Message "AU {$DisplayName} MembershipType {$($results.MembershipType)}" @@ -543,7 +543,6 @@ function Set-TargetResource # ScopedRoleMember-info is added after the AU is created } $CreateParameters.Remove('ScopedRoleMembers') | Out-Null - } if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') @@ -604,8 +603,11 @@ function Set-TargetResource $UpdateParameters.Remove('ScopedRoleMembers') | Out-Null #region resource generator code - Update-MgBetaDirectoryAdministrativeUnit @UpdateParameters ` - -AdministrativeUnitId $currentInstance.Id + $jsonParams = ConvertTo-Json $UpdateParameters + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)" + Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $jsonParams + <#Update-MgBetaDirectoryAdministrativeUnit @UpdateParameters ` + -AdministrativeUnitId $currentInstance.Id #> #endregion @@ -689,7 +691,7 @@ function Set-TargetResource $desiredScopedRoleMembersValue = @() } - # flatten hashtabls for compare + # flatten hashtables for compare $compareCurrentScopedRoleMembersValue = @() foreach ($roleMember in $currentScopedRoleMembersValue) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof index 5d1c6b778a..d0cd6efbcf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof @@ -14,7 +14,7 @@ class MSFT_AADApplication : OMI_BaseResource [Write, Description("ObjectID of the app.")] String ObjectId; [Write, Description("AppId for the app.")] String AppId; [Write, Description("Indicates whether this application is available in other tenants.")] Boolean AvailableToOtherTenants; - [Write, Description("A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects. The bitmask values are: 0: None, 1: Security groups and Azure AD roles, 2: Reserved, and 4: Reserved. Setting the bitmask to 7 will get all of the security groups, distribution groups, and Azure AD directory roles that the signed-in user is a member of.")] String GroupMembershipClaims; + [Write, Description("A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.")] String GroupMembershipClaims; [Write, Description("The URL to the application's homepage.")] String Homepage; [Write, Description("User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain.")] string IdentifierUris[]; [Write, Description("Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as web app. There are certain scenarios where Microsoft Entra ID cannot determine the client application type (for example, ROPC flow where it is configured without specifying a redirect URI). In those cases, Microsoft Entra ID will interpret the application type based on the value of this property.")] Boolean IsFallbackPublicClient; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 index 123f728e20..1af1575dc7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 @@ -509,44 +509,56 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null # replace group Displayname with group id - if ($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + if ($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -and ` + $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('companionAppAllowedState')) { + Write-Verbose -Message 'Retrieving companionAppAllowedState include target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.foreach('id',$groupid) } - if ($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + if ($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -and ` + $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('companionAppAllowedState')) { + Write-Verbose -Message 'Retrieving companionAppAllowedState include target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.foreach('id',$groupid) } - if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -and ` + $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState')) { + Write-Verbose -Message 'Retrieving displayAppInformationRequiredState include target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.foreach('id',$groupid) } - if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -and ` + $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState')) { + Write-Verbose -Message 'Retrieving displayAppInformationRequiredState exclude target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.foreach('id',$groupid) } - if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and - $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState')) + if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -and ` + $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState')) { + Write-Verbose -Message 'Retrieving displayLocationInformationRequiredState include target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.foreach('id',$groupid) } - if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -and ` + $UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState')) { + Write-Verbose -Message 'Retrieving displayLocationInformationRequiredState exclude target' $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.foreach('id',$groupid) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1 index e699ceb56f..982b5e380c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1 @@ -101,16 +101,17 @@ function Get-TargetResource #endregion if ($null -eq $getValue) { - Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Temporary with DisplayName {$DisplayName}" + Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Temporary" return $nullResult } $Id = $getValue.Id - Write-Verbose -Message "An Azure AD Authentication Method Policy Temporary with Id {$Id} and DisplayName {$DisplayName} was found." + Write-Verbose -Message "An Azure AD Authentication Method Policy Temporary with Id {$($currentExcludeTargets.id))} was found." #region resource generator code $complexExcludeTargets = @() foreach ($currentExcludeTargets in $getValue.excludeTargets) { + Write-Verbose -Message "Retrieving ExcludeTarget {$currentExcludeTargets}" $myExcludeTargets = @{} if ($currentExcludeTargets.id -ne 'all_users'){ $myExcludeTargetsDisplayName = get-MgGroup -GroupId $currentExcludeTargets.id @@ -133,6 +134,7 @@ function Get-TargetResource $complexincludeTargets = @() foreach ($currentincludeTargets in $getValue.AdditionalProperties.includeTargets) { + Write-Verbose -Message "Retrieving IncludeTarget {$($currentincludeTargets.id)}" $myincludeTargets = @{} if ($currentIncludeTargets.id -ne 'all_users'){ $myIncludeTargetsDisplayName = get-MgGroup -GroupId $currentIncludeTargets.id @@ -158,6 +160,7 @@ function Get-TargetResource } #endregion + Write-Verbose -Message "Get-TargetResource returned values" $results = @{ #region resource generator code DefaultLength = $getValue.AdditionalProperties.defaultLength @@ -486,6 +489,7 @@ function Test-TargetResource $testResult = $true #Compare Cim instances + Write-Verbose -Message "Evaluating keys" foreach ($key in $PSBoundParameters.Keys) { $source = $PSBoundParameters.$key diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 index ddf5986b79..80d6cfdef0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 @@ -181,6 +181,10 @@ function Get-TargetResource { $myIncludeTargets.Add('TargetType', $currentIncludeTargets.targetType.toString()) } + if ($null -ne $currentIncludeTargets.isRegistrationRequired) + { + $myIncludeTargets.Add('isRegistrationRequired', [Boolean]$currentIncludeTargets.isRegistrationRequired) + } if ($myIncludeTargets.values.Where({ $null -ne $_ }).count -gt 0) { $complexIncludeTargets += $myIncludeTargets @@ -365,26 +369,21 @@ function Set-TargetResource { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } - if ($key -eq 'IncludeTargets') + if ($key -eq 'ExcludeTargets' -or $key -eq 'IncludeTargets') { $i = 0 - foreach ($entry in $UpdateParameters.$key){ - if ($entry.id -notmatch '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$|all_users') - { - $Filter = "Displayname eq '$($entry.id)'" | Out-String - $UpdateParameters.$key[$i].foreach('id',(Get-MgGroup -Filter $Filter).id.ToString()) - } - $i++ - } - } - if ($key -eq 'ExcludeTargets') - { - $i = 0 - foreach ($entry in $UpdateParameters.$key){ + foreach ($entry in $UpdateParameters.$key) + { if ($entry.id -notmatch '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$|all_users') { - $Filter = "Displayname eq '$($entry.id)'" | Out-String - $UpdateParameters.$key[$i].foreach('id',(Get-MgGroup -Filter $Filter).id.ToString()) + $Filter = "Displayname eq '$($entry.id)'" + Write-Verbose -Message "Retrieving {$key} Group with DisplayName {$($entry.id)}" + $GroupInstance = Get-MgGroup -Filter $Filter -ErrorAction SilentlyContinue + if ($null -ne $GroupInstance) + { + Write-Verbose -Message "Found {$key} Group {$($GroupInstance.id.ToString())}" + $UpdateParameters.$key[$i].id = $GroupInstance.id.ToString() + } } $i++ } @@ -392,6 +391,7 @@ function Set-TargetResource } #region resource generator code $UpdateParameters.Add('@odata.type', '#microsoft.graph.x509CertificateAuthenticationMethodConfiguration') + Write-Verbose -Message "Updating with Values: $(Convert-M365DscHashtableToString -Hashtable $UpdateParameters)" Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration ` -AuthenticationMethodConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.schema.mof index 73f7cdce1a..5dcf2e7a00 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.schema.mof @@ -28,6 +28,7 @@ class MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget class MSFT_AADAuthenticationMethodPolicyX509IncludeTarget { [Write, Description("The object identifier of an Azure AD group.")] String Id; + [Write, Description("Determines if the user is enforced to register the authentication method.")] Boolean isRegistrationRequired; [Write, Description("The type of the authentication method target. Possible values are: group and unknownFutureValue."), ValueMap{"group","unknownFutureValue"}, Values{"group","unknownFutureValue"}] String TargetType; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 06ce5f794e..17df78d577 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -26,6 +26,15 @@ function Get-TargetResource [System.String[]] $ExcludeApplications, + [Parameter()] + [System.String] + $ApplicationsFilter, + + [Parameter()] + [ValidateSet("include", "exclude")] + [System.String] + $ApplicationsFilterMode, + [Parameter()] [System.String[]] $IncludeUserActions, @@ -397,7 +406,6 @@ function Get-TargetResource } } - $IncludeRoles = @() $ExcludeRoles = @() #translate role template guids to role name @@ -450,7 +458,6 @@ function Get-TargetResource } } } - } $IncludeLocations = @() @@ -600,6 +607,8 @@ function Get-TargetResource IncludeApplications = [System.String[]](@() + $Policy.Conditions.Applications.IncludeApplications) #no translation of Application GUIDs, return empty string array if undefined ExcludeApplications = [System.String[]](@() + $Policy.Conditions.Applications.ExcludeApplications) + ApplicationsFilter = $Policy.Conditions.Applications.ApplicationFilter.Rule + ApplicationsFilterMode = $Policy.Conditions.Applications.ApplicationFilter.Mode #no translation of GUIDs, return empty string array if undefined IncludeUserActions = [System.String[]](@() + $Policy.Conditions.Applications.IncludeUserActions) #no translation needed, return empty string array if undefined @@ -701,6 +710,15 @@ function Set-TargetResource [System.String[]] $ExcludeApplications, + [Parameter()] + [System.String] + $ApplicationsFilter, + + [Parameter()] + [ValidateSet("include", "exclude")] + [System.String] + $ApplicationsFilterMode, + [Parameter()] [System.String[]] $IncludeUserActions, @@ -940,10 +958,19 @@ function Set-TargetResource { $conditions.Applications.Add('IncludeApplications', $IncludeApplications) } - if ($ExcludeApplications) + if ($currentParameters.ContainsKey("ExcludeApplications")) { $conditions.Applications.Add('ExcludeApplications', $ExcludeApplications) } + if ($ApplicationsFilter -and $ApplicationsFilterMode) + { + $appFilterValue = @{ + rule = $ApplicationsFilter + mode = $ApplicationsFilterMode + } + $conditions.Applications.Add("ApplicationFilter", $appFilterValue) + } + if ($IncludeUserActions) { $conditions.Applications.Add('IncludeUserActions', $IncludeUserActions) @@ -1604,6 +1631,15 @@ function Test-TargetResource [System.String[]] $ExcludeApplications, + [Parameter()] + [System.String] + $ApplicationsFilter, + + [Parameter()] + [ValidateSet("include", "exclude")] + [System.String] + $ApplicationsFilterMode, + [Parameter()] [System.String[]] $IncludeUserActions, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof index d209e98f00..9d1203c2af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof @@ -5,6 +5,8 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource [Write, Description("Specifies the GUID for the Policy.")] String Id; [Write, Description("Specifies the State of the Policy."), ValueMap{"disabled","enabled","enabledForReportingButNotEnforced"}, Values{"disabled","enabled","enabledForReportingButNotEnforced"}] String State; [Write, Description("Cloud Apps in scope of the Policy.")] String IncludeApplications[]; + [Write, Description("Rule syntax is similar to that used for membership rules for groups in Microsoft Entra ID.")] String ApplicationsFilter; + [Write, Description("Mode to use for the filter. Possible values are include or exclude."), ValueMap{"include","exclude"}, Values{"include","exclude"}] String ApplicationsFilterMode; [Write, Description("Cloud Apps out of scope of the Policy.")] String ExcludeApplications[]; [Write, Description("User Actions in scope of the Policy.")] String IncludeUserActions[]; [Write, Description("Users in scope of the Policy.")] String IncludeUsers[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index 844320d380..31088bcbd6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 @@ -104,10 +104,12 @@ function Get-TargetResource { $getValue = $null - #region resource generator code - $getValue = Get-MgBetaEntitlementManagementAccessPackage -AccessPackageId $id ` - -ExpandProperty "accessPackageResourceRoleScopes(`$expand=accessPackageResourceRole,accessPackageResourceScope)" ` - -ErrorAction SilentlyContinue + if (-not [System.String]::IsNullOrEmpty($id)) + { + $getValue = Get-MgBetaEntitlementManagementAccessPackage -AccessPackageId $id ` + -ExpandProperty "accessPackageResourceRoleScopes(`$expand=accessPackageResourceRole,accessPackageResourceScope)" ` + -ErrorAction SilentlyContinue + } if ($null -eq $getValue) { @@ -121,7 +123,6 @@ function Get-TargetResource -ErrorAction SilentlyContinue } } - #endregion if ($null -eq $getValue) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 index 030d514a65..62fb18a109 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 @@ -103,10 +103,13 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' $getValue = $null - $getValue = Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy ` - -AccessPackageAssignmentPolicyId $id ` - -ExpandProperty "customExtensionHandlers(`$expand=customExtension)" ` - -ErrorAction SilentlyContinue + if (-not [System.String]::IsNullOrEmpty($id)) + { + $getValue = Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy ` + -AccessPackageAssignmentPolicyId $id ` + -ExpandProperty "customExtensionHandlers(`$expand=customExtension)" ` + -ErrorAction SilentlyContinue + } if ($null -eq $getValue) { @@ -288,9 +291,18 @@ function Get-TargetResource } #endregion + $AccessPackageIdValue = $getValue.AccessPackageId + $ObjectGuid = [System.Guid]::empty + $isGUID = [System.Guid]::TryParse($AccessPackageIdValue, [System.Management.Automation.PSReference]$ObjectGuid) + if ($isGUID) + { + $accesspackage = Get-MgBetaEntitlementManagementAccessPackage -AccessPackageId $AccessPackageIdValue + $AccessPackageIdValue = $accesspackage.DisplayName + } + $results = @{ Id = $getValue.Id - AccessPackageId = $getValue.AccessPackageId + AccessPackageId = $AccessPackageIdValue AccessReviewSettings = $formattedAccessReviewSettings CanExtend = $getValue.CanExtend CustomExtensionHandlers = $formattedCustomExtensionHandlers @@ -528,6 +540,30 @@ function Set-TargetResource } $CreateParameters.CustomExtensionHandlers = $formattedCustomExtensionHandlers } + + # Check to see if the AccessPackageId is in GUID form. If not, resolve it by name. + if (-not [System.String]::IsNullOrEmpty($AccessPackageId)) + { + $ObjectGuid = [System.Guid]::empty + $isGUID = [System.Guid]::TryParse($AccessPackageId, [System.Management.Automation.PSReference]$ObjectGuid) + if (-not $isGUID) + { + # Retrieve by name + Write-Verbose -Message "Retrieving Entitlement Management Access Package by Name {$AccessPackageId}" + $package = Get-MgBetaEntitlementManagementAccessPackage -Filter "displayName eq '$AccessPackageId'" + if ($null -ne $package) + { + $AccessPackageId = $package.Id + } + else + { + throw "Could not retrieve the Access Package using identifier {$AccessPackageId}" + } + } + $CreateParameters.AccessPackageId = $AccessPackageId + } + + Write-Verbose -Message "Creating with Values: $(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy ` -BodyParameter $CreateParameters } @@ -626,6 +662,27 @@ function Set-TargetResource $UpdateParameters.CustomExtensionHandlers = $formattedCustomExtensionHandlers } + if (-not [System.String]::IsNullOrEmpty($AccessPackageId)) + { + $ObjectGuid = [System.Guid]::empty + $isGUID = [System.Guid]::TryParse($AccessPackageId, [System.Management.Automation.PSReference]$ObjectGuid) + if (-not $isGUID) + { + # Retrieve by name + Write-Verbose -Message "Retrieving Entitlement Management Access Package by Name {$AccessPackageId}" + $package = Get-MgBetaEntitlementManagementAccessPackage -Filter "displayName eq '$AccessPackageId'" + if ($null -ne $package) + { + $AccessPackageId = $package.Id + } + else + { + throw "Could not retrieve the Access Package using identifier {$AccessPackageId}" + } + } + $UpdateParameters.AccessPackageId = $AccessPackageId + } + #write-verbose ($UpdateParameters|convertto-json -Depth 100) Set-MgBetaEntitlementManagementAccessPackageAssignmentPolicy ` -BodyParameter $UpdateParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 index fa526d7f61..0360b370d5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 @@ -88,8 +88,10 @@ function Get-TargetResource { $getValue = $null - #region resource generator code - $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalog -AccessPackageCatalogId $id -ErrorAction SilentlyContinue + if (-not [System.String]::IsNullOrEmpty($id)) + { + $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalog -AccessPackageCatalogId $id -ErrorAction SilentlyContinue + } if ($null -eq $getValue) { @@ -104,7 +106,6 @@ function Get-TargetResource } } } - #endregion if ($null -eq $getValue) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 index 6f69b42435..98a4ef18ea 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 @@ -111,18 +111,36 @@ function Get-TargetResource try { $getValue = $null + $CatalogIdValue = $catalogId + if (-not [System.String]::IsNullOrEmpty($CatalogId)) + { + $resource = ([Hashtable]$PSBoundParameters).clone() + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($CatalogId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $catalogInstance = Get-MgBetaEntitlementManagementAccessPackageCatalog -Filter "DisplayName eq '$catalogId'" + $CatalogId = $catalogInstance.Id + $CatalogIdValue = $catalogInstance.DisplayName + } - #region resource generator code - $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource ` - -AccessPackageCatalogId $CatalogId ` - -Filter "Id eq '$Id'" -ErrorAction SilentlyContinue + $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource ` + -AccessPackageCatalogId $CatalogId ` + -Filter "Id eq '$Id'" -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Retrieving Resource by Display Name {$DisplayName}" + $getValue = Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource ` + -AccessPackageCatalogId $CatalogId ` + -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue + } + } if ($null -eq $getValue) { Write-Verbose -Message "The access package resource with id {$id} was NOT found in catalog {$CatalogId}." return $nullResult } - #endregion Write-Verbose -Message "The access package resource {$DisplayName} was found in catalog {$CatalogId}." $hashAttributes = @() @@ -154,7 +172,7 @@ function Get-TargetResource $results = [ordered]@{ Id = $Id - CatalogId = $CatalogId + CatalogId = $CatalogIdValue Attributes = $hashAttributes AddedBy = $getValue.addedBy #Read-Only AddedOn = $getValue.addedOn #Read-Only @@ -310,9 +328,18 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "Assigning resource {$DisplayName} to catalog {$CatalogId}" - $resource = ([Hashtable]$PSBoundParameters).clone() + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($CatalogId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + Write-Verbose -Message "Retrieving Catalog by Display Name" + $catalogInstance = Get-MgBetaEntitlementManagementAccessPackageCatalog -Filter "DisplayName eq '$($CatalogId)'" + if ($catalogInstance) + { + $CatalogId = $catalogInstance.Id + } + } + Write-Verbose -Message "Assigning resource {$DisplayName} to catalog {$CatalogId}" $resource.Remove('Id') | Out-Null $resource.Remove('CatalogId') | Out-Null @@ -329,7 +356,6 @@ function Set-TargetResource $keyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $resource.$key $resource.$key = $keyValue } - } $mapping = @{ @@ -346,6 +372,7 @@ function Set-TargetResource AccessPackageresource = $resource } #region resource generator code + Write-Verbose -Message "Creating with Values: $(Convert-M365DscHashtableToString -Hashtable $resourceRequest)" New-MgBetaEntitlementManagementAccessPackageResourceRequest @resourceRequest #endregion @@ -355,7 +382,16 @@ function Set-TargetResource Write-Verbose -Message "Updating resource {$DisplayName} in catalog {$CatalogId}" $resource = ([Hashtable]$PSBoundParameters).clone() - + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($CatalogId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + Write-Verbose -Message "Retrieving Catalog by Display Name" + $catalogInstance = Get-MgBetaEntitlementManagementAccessPackageCatalog -Filter "DisplayName eq '$($CatalogId)'" + if ($catalogInstance) + { + $CatalogId = $catalogInstance.Id + } + } #$resource.Remove('Id') | Out-Null $resource.Remove('CatalogId') | Out-Null $resource.Remove('Verbose') | Out-Null @@ -422,16 +458,13 @@ function Set-TargetResource $resource = Rename-M365DSCCimInstanceParameter -Properties $resource ` -KeyMapping $mapping - #region resource generator code $resourceRequest = @{ CatalogId = $CatalogId RequestType = 'AdminRemove' AccessPackageresource = $resource } - #region resource generator code New-MgBetaEntitlementManagementAccessPackageResourceRequest @resourceRequest - #endregion } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index 637425e5d9..9f7c6f4e0e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 @@ -85,7 +85,11 @@ function Get-TargetResource $getValue = $null - $getValue = Get-MgBetaEntitlementManagementConnectedOrganization -ConnectedOrganizationId $id -ErrorAction SilentlyContinue + if (-not [System.String]::IsNullOrEmpty($id)) + { + $getValue = Get-MgBetaEntitlementManagementConnectedOrganization -ConnectedOrganizationId $id ` + -ErrorAction SilentlyContinue + } if ($null -eq $getValue) { @@ -169,13 +173,56 @@ function Get-TargetResource $getIdentitySources = $sources } + $ObjectGuid = [System.Guid]::empty + $ExternalSponsorsValues = @() + foreach ($sponsor in $getExternalSponsors) + { + if ([System.Guid]::TryParse($sponsor, [System.Management.Automation.PSReference]$ObjectGuid)) + { + try + { + $user = Get-MgUser -UserId $sponsor + $ExternalSponsorsValues += $user.UserPrincipalName + } + catch + { + Write-Verbose -Message "Couldn't find external sponsor with id {$sponsor}" + } + } + else + { + $ExternalSponsorsValues += $sponsor + } + } + + $InternalSponsorsValues = @() + foreach ($sponsor in $getInternalSponsors) + { + if ([System.Guid]::TryParse($sponsor, [System.Management.Automation.PSReference]$ObjectGuid)) + { + try + { + $user = Get-MgUser -UserId $sponsor + $InternalSponsorsValues += $user.UserPrincipalName + } + catch + { + Write-Verbose -Message "Couldn't find inter sponsor with id {$sponsor}" + } + } + else + { + $InternalSponsorsValues += $sponsor + } + } + $results = @{ Id = $getValue.id Description = $getValue.description DisplayName = $getValue.displayName - ExternalSponsors = $getExternalSponsors + ExternalSponsors = $ExternalSponsorsValues IdentitySources = $getIdentitySources - InternalSponsors = $getInternalSponsors + InternalSponsors = $InternalSponsorsValues State = $getValue.state Ensure = 'Present' Credential = $Credential @@ -293,6 +340,68 @@ function Set-TargetResource 'ExternalTenantId' = 'tenantId' } + if ($Ensure -eq 'Present') + { + $ObjectGuid = [System.Guid]::empty + $ExternalSponsorsValues = @() + foreach ($sponsor in $ExternalSponsors) + { + if (-not [System.Guid]::TryParse($sponsor, [System.Management.Automation.PSReference]$ObjectGuid)) + { + try + { + $user = Get-MgUser -UserId $sponsor -ErrorAction SilentlyContinue + if ($null -ne $user) + { + $ExternalSponsorsValues += $user.Id + } + else + { + Write-Verbose -Message "Could not find External Sponsor {$sponsor}" + } + } + catch + { + Write-Verbose -Message "Could not find External Sponsor {$sponsor}" + } + } + else + { + $ExternalSponsorsValues += $sponsor + } + } + $ExternalSponsors = $ExternalSponsorsValues + + $InternalSponsorsValues = @() + foreach ($sponsor in $InternalSponsors) + { + if (-not [System.Guid]::TryParse($sponsor, [System.Management.Automation.PSReference]$ObjectGuid)) + { + try + { + $user = Get-MgUser -UserId $sponsor -ErrorAction SilentlyContinue + if ($null -ne $user) + { + $InternalSponsorsValues += $user.Id + } + else + { + Write-Verbose -Message "Could not find External Sponsor {$sponsor}" + } + } + catch + { + Write-Verbose -Message "Could not find External Sponsor {$sponsor}" + } + } + else + { + $InternalSponsorsValues += $sponsor + } + } + $InternalSponsors = $InternalSponsorsValues + } + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating a new Entitlement Management Connected Organization {$DisplayName}" @@ -304,7 +413,6 @@ function Set-TargetResource $CreateParameters.Remove('ExternalSponsors') | Out-Null $CreateParameters.Remove('InternalSponsors') | Out-Null - $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { @@ -313,8 +421,9 @@ function Set-TargetResource $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } - $TenantId = $CreateParameters.IdentitySources.ExternalTenantId - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$tenantid')" + Write-Verbose -Message "Create Parameters: $(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" + $TenantIdValue = $CreateParameters.IdentitySources.TenantId + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$TenantIdValue')" $DomainName = (Invoke-MgGraphRequest -Method 'GET' -Uri $url).defaultDomainName $newConnectedOrganization = New-MgBetaEntitlementManagementConnectedOrganization -Description $CreateParameters.Description -DisplayName $CreateParameters.DisplayName -State $CreateParameters.State -DomainName $DomainName @@ -371,6 +480,19 @@ function Set-TargetResource -ConnectedOrganizationId $currentInstance.Id #region External Sponsors + if ($currentInstance.ExternalSponsors) + { + $currentExternalSponsors = @() + foreach ($sponsor in $CurrentInstance.ExternalSponsors) + { + $user = Get-MgUser -UserId $sponsor -ErrorAction SilentlyContinue + if ($user) + { + $currentExternalSponsors += $user.Id + } + } + $currentInstance.ExternalSponsors = $currentExternalSponsors + } $sponsorsDifferences = compare-object -ReferenceObject @($ExternalSponsors|select-object) -DifferenceObject @($currentInstance.ExternalSponsors|select-object) $sponsorsToAdd=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '<='}).InputObject $sponsorsToRemove=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '=>'}).InputObject @@ -396,6 +518,19 @@ function Set-TargetResource #endregion #region Internal Sponsors + if ($currentInstance.InternalSponsors) + { + $currentInternalSponsors = @() + foreach ($sponsor in $CurrentInstance.InternalSponsors) + { + $user = Get-MgUser -UserId $sponsor -ErrorAction SilentlyContinue + if ($user) + { + $currentInternalSponsors += $user.Id + } + } + $currentInstance.InternalSponsors = $currentInternalSponsors + } $sponsorsDifferences = compare-object -ReferenceObject @($InternalSponsors|select-object) -DifferenceObject @($currentInstance.InternalSponsors|select-object) $sponsorsToAdd=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '<='}).InputObject $sponsorsToRemove=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '=>'}).InputObject @@ -504,7 +639,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 index a1615e9666..cb125080aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 @@ -307,7 +307,7 @@ function Set-TargetResource # Named Location exist but should not elseif ($Ensure -eq 'Absent' -and $CurrentAADNamedLocation.Ensure -eq 'Present') { - Write-Verbose -Message "Removing AAD Named Location {$Displayname)}" + Write-Verbose -Message "Removing AAD Named Location {$Displayname} with id {$($currentAADNamedLocation.ID)}" Remove-MgBetaIdentityConditionalAccessNamedLocation -NamedLocationId $currentAADNamedLocation.ID } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 index 6e1e50dcaa..f1e371a6d5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 @@ -125,13 +125,16 @@ if ($null -ne $Script:exportedInstances -and $Script:ExportMode) { Write-Verbose -Message "Getting Role Eligibility by PrincipalId and RoleDefinitionId" + $PrincipalTypeValue = $null if ($PrincipalType -eq 'User') { + Write-Verbose -Message "Retrieving Principal by UserPrincipalName {$Principal}" $PrincipalIdValue = Get-MgUser -Filter "UserPrincipalName eq '$Principal'" -ErrorAction SilentlyContinue $PrincipalTypeValue = 'User' } if ($null -eq $PrincipalIdValue -or $PrincipalType -eq 'Group') { + Write-Verbose -Message "Retrieving Principal by DisplayName {$Principal}" $PrincipalIdValue = Get-MgGroup -Filter "DisplayName eq '$Principal'" -ErrorAction SilentlyContinue $PrincipalTypeValue = 'Group' } @@ -146,7 +149,7 @@ } Write-Verbose -Message "Found Principal {$PrincipalId}" $RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id - $request = $Script:exportedInstances | Where-Object -FilterScript {$_.PrincipalId -eq $PrincipalId -and $_.RoleDefinitionId -eq $RoleDefinition} + $request = $Script:exportedInstances | Where-Object -FilterScript {$_.PrincipalId -eq $PrincipalId -and $_.RoleDefinitionId -eq $RoleDefinition} | Sort-Object -Property CompletedDateTime -Descending } else { @@ -178,7 +181,8 @@ Write-Verbose -Message "Found Role {$RoleDefinitionId}" $schedule = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'" - $request = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'" + [Array]$request = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'" | Sort-Object -Property CompletedDateTime -Descending +` $request = $request[0] } } else @@ -202,11 +206,13 @@ Write-Verbose -Message "Found existing AADRolelLigibilityScheduleRequest" if ($PrincipalType -eq 'User') { + Write-Verbose -Message "Retrieving Principal by UserId {$($request.PrincipalId)}" $PrincipalInstance = Get-MgUser -UserId $request.PrincipalId -ErrorAction SilentlyContinue $PrincipalTypeValue = 'User' } if ($null -eq $PrincipalInstance -or $PrincipalType -eq 'Group') { + Write-Verbose -Message "Retrieving Principal by GroupId {$($request.PrincipalId)}" $requestArray = [Array]$request if ($requestArray.Count -gt 1) { @@ -307,7 +313,7 @@ } catch { - Write-Verbose "Error: $($_.ErrorDetails.Message)" + Write-Verbose "Error: $_" New-M365DSCLogEntry -Message 'Error retrieving data:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index 117d2e66d8..e978aab640 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -10,7 +10,7 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [System.String] - $Displayname, + $DisplayName, [Parameter()] [System.String] @@ -215,6 +215,29 @@ function Get-TargetResource $nullReturn = $PSBoundParameters $nullReturn.Ensure = 'Absent' + $RoleDefintion = $null + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $RoleDefinition = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + } + elseif (-not [System.String]::IsNullOrEmpty($Id)) + { + $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $Id ` + -ErrorAction SilentlyContinue + } + + if ($null -eq $RoleDefinition -and -not [System.String]::IsNullOrEmpty($Displayname)) + { + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $RoleDefinition = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName} + } + else + { + $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$DisplayName'" + } + } + try { if ($null -eq $Script:PolicyAssignments) @@ -222,7 +245,8 @@ function Get-TargetResource $allFilter = "scopeId eq '/' and scopeType eq 'DirectoryRole'" $Script:PolicyAssignments = Get-MgBetaPolicyRoleManagementPolicyAssignment -Filter $allFilter -All } - $Policy = $Script:PolicyAssignments | Where-Object -FilterScript {$_.RoleDefinitionId -eq $Id} + + $Policy = $Script:PolicyAssignments | Where-Object -FilterScript {$_.RoleDefinitionId -eq $RoleDefinition.Id} } catch { @@ -237,26 +261,6 @@ function Get-TargetResource { return $nullReturn } - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $RoleDefinition = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} - } - else - { - $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $Id - } - - if ($null -eq $RoleDefinition -and -not [System.String]::IsNullOrEmpty($Displayname)) - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $RoleDefinition = $Script:exportedInstances | Where-Object -FilterScript {$_.DisplayName -eq $Displayname} - } - else - { - $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$DisplayName'" - } - } #get Policyrule $role = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.Policyid @@ -400,7 +404,7 @@ function Set-TargetResource [Parameter(Mandatory = $true)] [System.String] - $Displayname, + $DisplayName, [Parameter()] [System.String] @@ -599,11 +603,23 @@ function Set-TargetResource #endregion #get role - [string]$Filter = $null - $Filter = "scopeId eq '/' and scopeType eq 'DirectoryRole' and RoleDefinitionId eq '" + $Id + "'" - $Policy = Get-MgBetaPolicyRoleManagementPolicyAssignment -Filter $Filter + $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$DisplayName'" + + $Policy = $null + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $Filter = "scopeId eq '/' and scopeType eq 'DirectoryRole' and RoleDefinitionId eq '" + $Id + "'" + $Policy = Get-MgBetaPolicyRoleManagementPolicyAssignment -Filter $Filter + } + else + { + Write-Verbose -Message "Finding Policy Assignment by Role Definition Id {$($RoleDefinition.Id)}" + $Filter = "scopeId eq '/' and scopeType eq 'DirectoryRole' and RoleDefinitionId eq '$($RoleDefinition.Id)'" + $Policy = Get-MgBetaPolicyRoleManagementPolicyAssignment -Filter $Filter + } #get Policyrule - $roles = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.Policyid + $roles = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.PolicyId ` + -ErrorAction SilentlyContinue foreach ($role in $roles) { @@ -1100,7 +1116,7 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.String] - $Displayname, + $DisplayName, [Parameter()] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 index 988bad0ce2..5a56e3da0e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 @@ -147,8 +147,18 @@ function Get-TargetResource } else { - $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($AppId)'" ` - -Expand 'AppRoleAssignedTo' + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($AppId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $appInstance = Get-MgApplication -Filter "DisplayName eq '$AppId'" + $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($appInstance.AppId)'" ` + -Expand 'AppRoleAssignedTo' + } + else + { + $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($AppId)'" ` + -Expand 'AppRoleAssignedTo' + } } } if ($null -eq $AADServicePrincipal) @@ -347,7 +357,6 @@ function Set-TargetResource $currentParameters.Remove('Ensure') | Out-Null $currentParameters.Remove('ObjectID') | Out-Null $currentParameters.Remove('ApplicationSecret') | Out-Null - $currentParameters.Remove('AppId') | Out-Null # ServicePrincipal should exist but it doesn't if ($Ensure -eq 'Present' -and $currentAADServicePrincipal.Ensure -eq 'Absent') @@ -356,13 +365,27 @@ function Set-TargetResource { $currentParameters.AppRoleAssignedTo = $AppRoleAssignedToValue } + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($AppId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $appInstance = Get-MgApplication -Filter "DisplayName eq '$AppId'" + $currentParameters.AppId = $appInstance.AppId + } + Write-Verbose -Message 'Creating new Service Principal' + Write-Verbose -Message "With Values: $(Convert-M365DscHashtableToString -Hashtable $currentParameters)" New-MgServicePrincipal @currentParameters } # ServicePrincipal should exist and will be configured to desired state - if ($Ensure -eq 'Present' -and $currentAADServicePrincipal.Ensure -eq 'Present') + elseif ($Ensure -eq 'Present' -and $currentAADServicePrincipal.Ensure -eq 'Present') { Write-Verbose -Message 'Updating existing Service Principal' + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($AppId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $appInstance = Get-MgApplication -Filter "DisplayName eq '$AppId'" + $currentParameters.AppId = $appInstance.AppId + } Write-Verbose -Message "CurrentParameters: $($currentParameters | Out-String)" Write-Verbose -Message "ServicePrincipalID: $($currentAADServicePrincipal.ObjectID)" $currentParameters.Remove('AppRoleAssignedTo') | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 index d1aaa21d53..3031d6742f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 @@ -285,6 +285,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + $ValuesToCheck.Remove('ClientSecret') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 index b8f446d38f..7c98904f0a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 @@ -312,16 +312,33 @@ function Get-TargetResource } else { - $AllowedSendersValues = $HostedContentFilterPolicy.AllowedSenders.Sender | Select-Object Address -ExpandProperty Address - $BlockedSendersValues = $HostedContentFilterPolicy.BlockedSenders.Sender | Select-Object Address -ExpandProperty Address + [System.String[]]$AllowedSendersValues = $HostedContentFilterPolicy.AllowedSenders.Sender | Select-Object Address -ExpandProperty Address + [System.String[]]$BlockedSendersValues = $HostedContentFilterPolicy.BlockedSenders.Sender | Select-Object Address -ExpandProperty Address + # Check if the values are null and assign them an empty string array if they are + if ($null -eq $AllowedSendersValues) { + $AllowedSendersValues = @() + } + if ($null -eq $BlockedSendersValues) { + $BlockedSendersValues = @() + } + + [System.String[]]$AllowedSenderDomains = $HostedContentFilterPolicy.AllowedSenderDomains.Domain + [System.String[]]$BlockedSenderDomains = $HostedContentFilterPolicy.BlockedSenderDomains.Domain + # Check if the values are null and assign them an empty string array if they are + if ($null -eq $AllowedSenderDomains) { + $AllowedSenderDomains = @() + } + if ($null -eq $BlockedSenderDomains) { + $BlockedSenderDomains = @() + } $result = @{ Ensure = 'Present' Identity = $Identity AddXHeaderValue = $HostedContentFilterPolicy.AddXHeaderValue AdminDisplayName = $HostedContentFilterPolicy.AdminDisplayName - AllowedSenderDomains = $HostedContentFilterPolicy.AllowedSenderDomains.Domain + AllowedSenderDomains = $AllowedSenderDomains AllowedSenders = $AllowedSendersValues - BlockedSenderDomains = $HostedContentFilterPolicy.BlockedSenderDomains.Domain + BlockedSenderDomains = $BlockedSenderDomains BlockedSenders = $BlockedSendersValues BulkQuarantineTag = $HostedContentFilterPolicy.BulkQuarantineTag BulkSpamAction = $HostedContentFilterPolicy.BulkSpamAction @@ -1039,26 +1056,6 @@ function Test-TargetResource $ValuesToCheck.Remove('CertificatePassword') | Out-Null $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - if ($null -ne $ValuesToCheck.AllowedSenders -and $ValuesToCheck.AllowedSenders.Length -eq 0) - { - $ValuesToCheck.AllowedSenders = $null - } - - if ($null -ne $ValuesToCheck.AllowedSenderDomains -and $ValuesToCheck.AllowedSenderDomains.Length -eq 0) - { - $ValuesToCheck.AllowedSenderDomains = $null - } - - if ($null -ne $ValuesToCheck.BlockedSenders -and $ValuesToCheck.BlockedSenders.Length -eq 0) - { - $ValuesToCheck.BlockedSenders = $null - } - - if ($null -ne $ValuesToCheck.BlockedSenderDomains -and $ValuesToCheck.BlockedSenderDomains.Length -eq 0) - { - $ValuesToCheck.BlockedSenderDomains = $null - } - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $ValuesToCheck ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailContact/MSFT_EXOMailContact.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailContact/MSFT_EXOMailContact.psm1 index 6681f5f6fb..59c2ddf127 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailContact/MSFT_EXOMailContact.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailContact/MSFT_EXOMailContact.psm1 @@ -70,6 +70,86 @@ function Get-TargetResource [System.Boolean] $UsePreferMessageFormat, + [Parameter()] + [System.String] + $CustomAttribute1, + + [Parameter()] + [System.String] + $CustomAttribute2, + + [Parameter()] + [System.String] + $CustomAttribute3, + + [Parameter()] + [System.String] + $CustomAttribute4, + + [Parameter()] + [System.String] + $CustomAttribute5, + + [Parameter()] + [System.String] + $CustomAttribute6, + + [Parameter()] + [System.String] + $CustomAttribute7, + + [Parameter()] + [System.String] + $CustomAttribute8, + + [Parameter()] + [System.String] + $CustomAttribute9, + + [Parameter()] + [System.String] + $CustomAttribute10, + + [Parameter()] + [System.String] + $CustomAttribute11, + + [Parameter()] + [System.String] + $CustomAttribute12, + + [Parameter()] + [System.String] + $CustomAttribute13, + + [Parameter()] + [System.String] + $CustomAttribute14, + + [Parameter()] + [System.String] + $CustomAttribute15, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute1, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute2, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute3, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute4, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute5, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -135,7 +215,7 @@ function Get-TargetResource try { - $contact = Get-MailContact -Identity $Name -ErrorAction Continue + $contact = Get-MailContact -Identity $Name -ErrorAction SilentlyContinue if ($null -eq $contact) { @@ -170,6 +250,21 @@ function Get-TargetResource TenantId = $TenantId } + foreach ($i in (1..15)) + { + if ($contact."CustomAttribute$i") + { + $result."CustomAttribute$i" = $contact."CustomAttribute$i" + } + } + foreach ($i in (1..5)) + { + if ($contact."ExtensionCustomAttribute$i") + { + $result."ExtensionCustomAttribute$i" = $contact."ExtensionCustomAttribute$i" + } + } + Write-Verbose -Message "Found Mail Contact $($Name)" Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" return $result @@ -258,6 +353,86 @@ function Set-TargetResource [System.Boolean] $UsePreferMessageFormat, + [Parameter()] + [System.String] + $CustomAttribute1, + + [Parameter()] + [System.String] + $CustomAttribute2, + + [Parameter()] + [System.String] + $CustomAttribute3, + + [Parameter()] + [System.String] + $CustomAttribute4, + + [Parameter()] + [System.String] + $CustomAttribute5, + + [Parameter()] + [System.String] + $CustomAttribute6, + + [Parameter()] + [System.String] + $CustomAttribute7, + + [Parameter()] + [System.String] + $CustomAttribute8, + + [Parameter()] + [System.String] + $CustomAttribute9, + + [Parameter()] + [System.String] + $CustomAttribute10, + + [Parameter()] + [System.String] + $CustomAttribute11, + + [Parameter()] + [System.String] + $CustomAttribute12, + + [Parameter()] + [System.String] + $CustomAttribute13, + + [Parameter()] + [System.String] + $CustomAttribute14, + + [Parameter()] + [System.String] + $CustomAttribute15, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute1, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute2, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute3, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute4, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute5, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -320,21 +495,24 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $setParameters = $PSBoundParameters - $setParameters.Remove('Credential') | Out-Null - $setParameters.Remove('ApplicationId') | Out-Null - $setParameters.Remove('TenantId') | Out-Null - $setParameters.Remove('CertificateThumbprint') | Out-Null - $setParameters.Remove('CertificatePath') | Out-Null - $setParameters.Remove('CertificatePassword') | Out-Null - $setParameters.Remove('ManagedIdentity') | Out-Null - $setParameters.Remove('Ensure') | Out-Null - # Mail Contact doesn't exist but it should if ($Ensure -eq 'Present' -and $currentContact.Ensure -eq 'Absent') { + $parameters = Sync-M365DSCParameter -Command (Get-Command -Name New-MailContact) -Parameters $PSBoundParameters Write-Verbose -Message "The Mail Contact '$($Name)' does not exist but it should. Creating Mail Contact." - New-MailContact @setParameters + + try + { + New-MailContact @parameters -ErrorAction Stop + + $parameters = Sync-M365DSCParameter -Command (Get-Command -Name Set-MailContact) -Parameters $PSBoundParameters + $parameters.Identity = $Name + Set-MailContact @parameters -ErrorAction Stop + } + catch + { + Write-Error -ErrorRecord $_ + } } # Mail Contact exists but shouldn't elseif ($Ensure -eq 'Absent' -and $currentContact.Ensure -eq 'Present') @@ -345,10 +523,10 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentContact.Ensure -eq 'Present') { Write-Verbose -Message "Mail Contact '$($Name)' already exists. Updating settings" - Write-Verbose -Message "Updating Mail Contact '$($Name)' with values: $(Convert-M365DscHashtableToString -Hashtable $setParameters)" - $setParameters.Add('Identity', $Name) - $setParameters.Remove('OrganizationalUnit') | Out-Null - Set-MailContact @setParameters + $parameters = Sync-M365DSCParameter -Command (Get-Command -Name Set-MailContact) -Parameters $PSBoundParameters + Write-Verbose -Message "Updating Mail Contact '$($Name)' with values: $(Convert-M365DscHashtableToString -Hashtable $parameters)" + $parameters.Identity = $Name + Set-MailContact @parameters } } @@ -424,6 +602,86 @@ function Test-TargetResource [System.Boolean] $UsePreferMessageFormat, + [Parameter()] + [System.String] + $CustomAttribute1, + + [Parameter()] + [System.String] + $CustomAttribute2, + + [Parameter()] + [System.String] + $CustomAttribute3, + + [Parameter()] + [System.String] + $CustomAttribute4, + + [Parameter()] + [System.String] + $CustomAttribute5, + + [Parameter()] + [System.String] + $CustomAttribute6, + + [Parameter()] + [System.String] + $CustomAttribute7, + + [Parameter()] + [System.String] + $CustomAttribute8, + + [Parameter()] + [System.String] + $CustomAttribute9, + + [Parameter()] + [System.String] + $CustomAttribute10, + + [Parameter()] + [System.String] + $CustomAttribute11, + + [Parameter()] + [System.String] + $CustomAttribute12, + + [Parameter()] + [System.String] + $CustomAttribute13, + + [Parameter()] + [System.String] + $CustomAttribute14, + + [Parameter()] + [System.String] + $CustomAttribute15, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute1, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute2, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute3, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute4, + + [Parameter()] + [System.String[]] + $ExtensionCustomAttribute5, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -477,15 +735,14 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - - $ValuesToCheck.Remove('OrganizationalUnit') | Out-Null + [void]$ValuesToCheck.Remove('Credential') + [void]$ValuesToCheck.Remove('ApplicationId') + [void]$ValuesToCheck.Remove('TenantId') + [void]$ValuesToCheck.Remove('CertificateThumbprint') + [void]$ValuesToCheck.Remove('CertificatePath') + [void]$ValuesToCheck.Remove('CertificatePassword') + [void]$ValuesToCheck.Remove('ManagedIdentity') + [void]$ValuesToCheck.Remove('OrganizationalUnit') $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -581,7 +838,7 @@ function Export-TargetResource -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential - $dscContent.Append($currentDSCBlock) | Out-Null + [void]$dscContent.Append($currentDSCBlock) Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailContact/MSFT_EXOMailContact.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailContact/MSFT_EXOMailContact.schema.mof index 6cd8241225..f5eefa0f76 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailContact/MSFT_EXOMailContact.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailContact/MSFT_EXOMailContact.schema.mof @@ -16,6 +16,26 @@ class MSFT_EXOMailContact : OMI_BaseResource [Write, Description("The OrganizationalUnit parameter specifies the location in Active Directory where the new contact is created.")] String OrganizationalUnit; [Write, Description("The SendModerationNotifications parameter specifies when moderation notification messages are sent. Valid values are: ALways, Internal, Never"), ValueMap{"Always","Internal","Never"}, Values{"Always","Internal","Never"}] String SendModerationNotifications; [Write, Description("The UsePreferMessageFormat specifies whether the message format settings configured for the mail user or mail contact override the global settings configured for the remote domain or configured by the message sender")] Boolean UsePreferMessageFormat; + [Write, Description("The CustomAttribute1 parameter specifies the value of the CustomAttribute1")] String CustomAttribute1; + [Write, Description("The CustomAttribute2 parameter specifies the value of the CustomAttribute2")] String CustomAttribute2; + [Write, Description("The CustomAttribute3 parameter specifies the value of the CustomAttribute3")] String CustomAttribute3; + [Write, Description("The CustomAttribute4 parameter specifies the value of the CustomAttribute4")] String CustomAttribute4; + [Write, Description("The CustomAttribute5 parameter specifies the value of the CustomAttribute5")] String CustomAttribute5; + [Write, Description("The CustomAttribute6 parameter specifies the value of the CustomAttribute6")] String CustomAttribute6; + [Write, Description("The CustomAttribute7 parameter specifies the value of the CustomAttribute7")] String CustomAttribute7; + [Write, Description("The CustomAttribute8 parameter specifies the value of the CustomAttribute8")] String CustomAttribute8; + [Write, Description("The CustomAttribute9 parameter specifies the value of the CustomAttribute9")] String CustomAttribute9; + [Write, Description("The CustomAttribute10 parameter specifies the value of the CustomAttribute10")] String CustomAttribute10; + [Write, Description("The CustomAttribute11 parameter specifies the value of the CustomAttribute11")] String CustomAttribute11; + [Write, Description("The CustomAttribute12 parameter specifies the value of the CustomAttribute12")] String CustomAttribute12; + [Write, Description("The CustomAttribute13 parameter specifies the value of the CustomAttribute13")] String CustomAttribute13; + [Write, Description("The CustomAttribute14 parameter specifies the value of the CustomAttribute14")] String CustomAttribute14; + [Write, Description("The CustomAttribute15 parameter specifies the value of the CustomAttribute15")] String CustomAttribute15; + [Write, Description("The ExtensionCustomAttribute1 parameter specifies the value of the ExtensionCustomAttribute1")] String ExtensionCustomAttribute1[]; + [Write, Description("The ExtensionCustomAttribute2 parameter specifies the value of the ExtensionCustomAttribute2")] String ExtensionCustomAttribute2[]; + [Write, Description("The ExtensionCustomAttribute3 parameter specifies the value of the ExtensionCustomAttribute3")] String ExtensionCustomAttribute3[]; + [Write, Description("The ExtensionCustomAttribute4 parameter specifies the value of the ExtensionCustomAttribute4")] String ExtensionCustomAttribute4[]; + [Write, Description("The ExtensionCustomAttribute5 parameter specifies the value of the ExtensionCustomAttribute5")] String ExtensionCustomAttribute5[]; [Write, Description("Specifies if this Contact should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 index 7b145cd1c5..f0d26bcf6f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 @@ -425,7 +425,7 @@ function Export-TargetResource Write-Host " |---[$j/$($permissions.Count)] $($permission.Identity)" -NoNewline $Params = @{ Identity = $mailbox.UserPrincipalName - AccessRights = [Array]$permission.AccessRights.Replace(' ','').Split(',') + AccessRights = [Array]$permission.AccessRights.Replace(' ','').Replace('SendAs,','').Split(',') # ignore SendAs permissions since they are not supported by *-MailboxPermission cmdlets InheritanceType = $permission.InheritanceType User = $permission.User Credential = $Credential diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 index e6524aa7b6..2829411355 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1 @@ -157,7 +157,7 @@ function Get-TargetResource try { - $place = Get-Place -Identity $Identity -ErrorAction Stop + $place = Get-Place -Identity $Identity -ErrorAction SilentlyContinue if ($null -eq $place) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index 5936b4ac81..ef49efa6c7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -777,7 +777,7 @@ function Set-TargetResource if ($UpdateDelayPolicy.Count -gt 0) { - $UpdateDelayPolicy = $UpdateDelayPolicy -join ',' + $PSBoundParameters.UpdateDelayPolicy = $UpdateDelayPolicy -join ',' } if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 index 3b3325530c..981dd8ac89 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 @@ -14,7 +14,7 @@ function Get-TargetResource [Parameter()] [ValidateSet('InOrganization', 'NotInOrganization', 'None')] - [System.String[]] + [System.String] $AccessScope, [Parameter()] @@ -334,7 +334,7 @@ function Set-TargetResource [Parameter()] [ValidateSet('InOrganization', 'NotInOrganization', 'None')] - [System.String[]] + [System.String] $AccessScope, [Parameter()] @@ -644,7 +644,7 @@ function Test-TargetResource [Parameter()] [ValidateSet('InOrganization', 'NotInOrganization', 'None')] - [System.String[]] + [System.String] $AccessScope, [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof index 2202e3c6c5..851847008e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof @@ -36,7 +36,7 @@ class MSFT_SCDLPComplianceRule : OMI_BaseResource { [Key, Description("Name of the Rule.")] String Name; [Required, Description("Name of the associated DLP Compliance Policy.")] String Policy; - [Write, Description("The AccessScope parameter specifies a condition for the DLP rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope."), ValueMap{"InOrganization","NotInOrganization", "None"}, Values{"InOrganization","NotInOrganization", "None"}] String AccessScope[]; + [Write, Description("The AccessScope parameter specifies a condition for the DLP rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope."), ValueMap{"InOrganization","NotInOrganization", "None"}, Values{"InOrganization","NotInOrganization", "None"}] String AccessScope; [Write, Description("The BlockAccess parameter specifies an action for the DLP rule that blocks access to the source item when the conditions of the rule are met. $true: Blocks further access to the source item that matched the rule. The owner, author, and site owner can still access the item. $false: Allows access to the source item that matched the rule. This is the default value.")] Boolean BlockAccess; [Write, Description("The BlockAccessScope parameter specifies the scope of the block access action."), ValueMap{"All", "PerUser"}, Values{"All", "PerUser"}] String BlockAccessScope; [Write, Description("The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks.")] String Comment; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantDialPlan/MSFT_TeamsTenantDialPlan.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantDialPlan/MSFT_TeamsTenantDialPlan.psm1 index d80da09a80..85f29ebd0b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantDialPlan/MSFT_TeamsTenantDialPlan.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantDialPlan/MSFT_TeamsTenantDialPlan.psm1 @@ -514,7 +514,7 @@ function Get-M365DSCVoiceNormalizationRulesDifference [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.Object[]] $CurrentRules, diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADApplication/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADApplication/1-Create.ps1 index dd1149b760..c57e9ba949 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADApplication/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADApplication/1-Create.ps1 @@ -12,19 +12,20 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADApplication 'AADApp1' { DisplayName = "AppDisplayName" AvailableToOtherTenants = $false - GroupMembershipClaims = "0" - Homepage = "https://app.contoso.com" - IdentifierUris = "https://app.contoso.com" + GroupMembershipClaims = "None" + Homepage = "https://$Domain" + IdentifierUris = "https://$Domain" KnownClientApplications = "" - LogoutURL = "https://app.contoso.com/logout" + LogoutURL = "https://$Domain/logout" PublicClient = $false - ReplyURLs = "https://app.contoso.com" + ReplyURLs = "https://$Domain" Permissions = @( MSFT_AADApplicationPermission { diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADApplication/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADApplication/2-Update.ps1 index 950f7c2813..fc9c39407e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADApplication/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADApplication/2-Update.ps1 @@ -12,19 +12,20 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADApplication 'AADApp1' { DisplayName = "AppDisplayName" AvailableToOtherTenants = $true # Updated Property - GroupMembershipClaims = "0" - Homepage = "https://app.contoso.com" - IdentifierUris = "https://app.contoso.com" + GroupMembershipClaims = "None" + Homepage = "https://$Domain" + IdentifierUris = "https://$Domain" KnownClientApplications = "" - LogoutURL = "https://app.contoso.com/logout" + LogoutURL = "https://$Domain/logout" PublicClient = $false - ReplyURLs = "https://app.contoso.com" + ReplyURLs = "https://$Domain" Permissions = @( MSFT_AADApplicationPermission { diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 index fb6900710a..4154df76fb 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 @@ -24,17 +24,9 @@ Configuration Example Id = 'Legal Team' TargetType = 'group' } - MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Paralegals' - TargetType = 'group' - } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -42,10 +34,6 @@ Configuration Example State = 'default' } CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -53,10 +41,6 @@ Configuration Example State = 'default' } DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 index af044fae17..e5249bc9b3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 @@ -21,20 +21,12 @@ Configuration Example Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Legal Team' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Paralegals' + Id = 'Finance Team' # Updated Property TargetType = 'group' } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -42,10 +34,6 @@ Configuration Example State = 'default' } CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -53,10 +41,6 @@ Configuration Example State = 'default' } DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -75,7 +59,7 @@ Configuration Example TargetType = 'group' } ); - IsSoftwareOathEnabled = $True; # Updated Property + IsSoftwareOathEnabled = $False; State = "enabled"; } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 index 7be4ff9417..383f603274 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 @@ -30,7 +30,7 @@ Configuration Example Id = "TemporaryAccessPass"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'DSCGroup' + Id = 'Executives' TargetType = 'group' } ); diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 index a23cf77d9d..da062cb512 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 @@ -30,7 +30,7 @@ Configuration Example Id = "TemporaryAccessPass"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'DSCGroup' + Id = 'Executives' TargetType = 'group' } ); diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 index dabae65428..8ebd005c43 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 @@ -18,9 +18,6 @@ Configuration Example AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ - - Rules = @(@() - ) X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' }; CertificateUserBindings = @( diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 index 0edadb587c..8ebd005c43 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 @@ -18,9 +18,6 @@ Configuration Example AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ - - Rules = @(@() - ) X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' }; CertificateUserBindings = @( @@ -55,7 +52,7 @@ Configuration Example TargetType = 'group' } ); - State = "disabled"; # Updated Property + State = "enabled"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-Create.ps1 index e555e01397..20018ebc40 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-Create.ps1 @@ -41,9 +41,7 @@ Configuration Example ) } }; - ApplicationId = 'c6957111-b1a6-479c-a15c-73e01ceb3b99' - CertificateThumbprint = 'ACD01315A4EBA42CD2E18EEE443AA280CC0BAB8B' - TenantId = 'M365x35070558.onmicrosoft.com' + Credential = $credsCredential Ensure = "Present"; } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 index fa20869958..d3064c63ae 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 @@ -41,9 +41,7 @@ Configuration Example ) } }; - ApplicationId = 'c6957111-b1a6-479c-a15c-73e01ceb3b99' - CertificateThumbprint = 'ACD01315A4EBA42CD2E18EEE443AA280CC0BAB8B' - TenantId = 'M365x35070558.onmicrosoft.com' + Credential = $credsCredential Ensure = "Present"; } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-Create.ps1 index a5b31cb592..6df36bd26b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-Create.ps1 @@ -14,9 +14,9 @@ Configuration Example node localhost { - AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignmentPolicyWithAccessReviewsSettings" + AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignments" { - AccessPackageId = "5d05114c-b4d9-4ae7-bda6-4bade48e60f2"; + AccessPackageId = "Integration Package"; AccessReviewSettings = MSFT_MicrosoftGraphassignmentreviewsettings{ IsEnabled = $True StartDateTime = '12/17/2022 23:59:59' @@ -38,17 +38,6 @@ Configuration Example IsApprovalRequired = $False IsApprovalRequiredForExtension = $False }; - RequestorSettings = MSFT_MicrosoftGraphrequestorsettings{ - AllowedRequestors = @( - MSFT_MicrosoftGraphuserset{ - IsBackup = $False - Id = 'e27eb9b9-27c3-462d-8d65-3bcd763b0ed0' - odataType = '#microsoft.graph.connectedOrganizationMembers' - } - ) - AcceptRequests = $True - ScopeType = 'SpecificConnectedOrganizationSubjects' - }; Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 index 223ba9497a..00c8f28c52 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 @@ -14,9 +14,9 @@ Configuration Example node localhost { - AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignmentPolicyWithAccessReviewsSettings" + AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignments" { - AccessPackageId = "5d05114c-b4d9-4ae7-bda6-4bade48e60f2"; + AccessPackageId = "Integration Package"; AccessReviewSettings = MSFT_MicrosoftGraphassignmentreviewsettings{ IsEnabled = $True StartDateTime = '12/17/2022 23:59:59' @@ -38,17 +38,6 @@ Configuration Example IsApprovalRequired = $False IsApprovalRequiredForExtension = $False }; - RequestorSettings = MSFT_MicrosoftGraphrequestorsettings{ - AllowedRequestors = @( - MSFT_MicrosoftGraphuserset{ - IsBackup = $False - Id = 'e27eb9b9-27c3-462d-8d65-3bcd763b0ed0' - odataType = '#microsoft.graph.connectedOrganizationMembers' - } - ) - AcceptRequests = $True - ScopeType = 'SpecificConnectedOrganizationSubjects' - }; Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-Create.ps1 index fae71422d5..1acbe3c12f 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-Create.ps1 @@ -16,9 +16,9 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' CatalogStatus = 'Published' - CatalogType = 'ServiceDefault' + CatalogType = 'UserManaged' Description = 'Built-in catalog.' IsExternallyVisible = $True Managedidentity = $False diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 index 38127ab97b..30621cfbe4 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 @@ -16,9 +16,9 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' CatalogStatus = 'Published' - CatalogType = 'ServiceDefault' + CatalogType = 'UserManaged' Description = 'Built-in catalog.' IsExternallyVisible = $False # Updated Property Managedidentity = $False diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 index bf302be3e6..acfae36718 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 @@ -12,20 +12,19 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { - DisplayName = 'Communication site' - AddedBy = 'admin@contoso.onmicrosoft.com' - AddedOn = '05/11/2022 16:21:15' - CatalogId = 'f34c2d92-9e9d-4703-ba9b-955b6ac8dcb3' - Description = 'https://contoso.sharepoint.com/' - IsPendingOnboarding = $False - OriginId = 'https://contoso.sharepoint.com/' + DisplayName = 'Human Resources' + CatalogId = 'My Catalog' + Description = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" + IsPendingOnboarding = $true + OriginId = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" OriginSystem = 'SharePointOnline' ResourceType = 'SharePoint Online Site' - Url = 'https://contoso.sharepoint.com/' + Url = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" Ensure = 'Present' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 index cce7f22a0e..7cbaf4e00b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 @@ -12,20 +12,19 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { - DisplayName = 'Communication site' - AddedBy = 'admin@contoso.onmicrosoft.com' - AddedOn = '05/11/2022 16:21:15' - CatalogId = 'f34c2d92-9e9d-4703-ba9b-955b6ac8dcb3' - Description = 'https://contoso.sharepoint.com/' - IsPendingOnboarding = $False # Updated Property - OriginId = 'https://contoso.sharepoint.com/' + DisplayName = 'Human Resources' + CatalogId = 'My Catalog' + Description = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" + IsPendingOnboarding = $false # Updated Property + OriginId = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" OriginSystem = 'SharePointOnline' ResourceType = 'SharePoint Online Site' - Url = 'https://contoso.sharepoint.com/' + Url = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" Ensure = 'Present' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/1-Create.ps1 index f4772ccf44..1d4fcd1896 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/1-Create.ps1 @@ -12,21 +12,22 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' { Description = "this is the tenant partner"; DisplayName = "Test Tenant - DSC"; - ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); + ExternalSponsors = @("AdeleV@$Domain"); IdentitySources = @( MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ - ExternalTenantId = "12345678-1234-1234-1234-123456789012" - DisplayName = 'Contoso' + ExternalTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc" + DisplayName = 'o365dsc' odataType = '#microsoft.graph.azureActiveDirectoryTenant' } ); - InternalSponsors = @("12345678-1234-1234-1234-123456789012"); + InternalSponsors = @("AdeleV@$Domain"); State = "configured"; Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 index 59e893bec8..5044b39b3a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 @@ -12,21 +12,22 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' { - Description = "this is the tenant partner - Updated"; # Updated Property + Description = "This is the tenant partner - Updated"; # Updated Property DisplayName = "Test Tenant - DSC"; - ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); + ExternalSponsors = @("AdeleV@$Domain"); IdentitySources = @( MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ - ExternalTenantId = "12345678-1234-1234-1234-123456789012" - DisplayName = 'Contoso' + ExternalTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc" + DisplayName = 'o365dsc' odataType = '#microsoft.graph.azureActiveDirectoryTenant' } ); - InternalSponsors = @("12345678-1234-1234-1234-123456789012"); + InternalSponsors = @("AdeleV@$Domain"); State = "configured"; Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-Create.ps1 index ee96d8b039..2cfe4b2336 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-Create.ps1 @@ -18,7 +18,7 @@ Configuration Example { DisplayName = "Company Network" IpRanges = @("2.1.1.1/32", "1.2.2.2/32") - IsTrusted = $True + IsTrusted = $False OdataType = "#microsoft.graph.ipNamedLocation" Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 index 24c3405382..9f1b9edb57 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 @@ -17,8 +17,8 @@ Configuration Example AADNamedLocationPolicy 'CompanyNetwork' { DisplayName = "Company Network" - IpRanges = @("2.1.1.1/32", "1.2.2.2/32") - IsTrusted = $False # Updated Property + IpRanges = @("2.1.1.1/32") # Updated Property + IsTrusted = $False OdataType = "#microsoft.graph.ipNamedLocation" Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-Create.ps1 index f338de89dc..439d0b39b9 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-Create.ps1 @@ -14,6 +14,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADRoleEligibilityScheduleRequest "MyRequest" @@ -23,7 +24,7 @@ Configuration Example DirectoryScopeId = "/"; Ensure = "Present"; IsValidationOnly = $False; - Principal = "John.Smith@$OrganizationName"; + Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { startDateTime = '2023-09-01T02:40:44Z' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 index 3532161553..9131d0a4e7 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 @@ -14,6 +14,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADRoleEligibilityScheduleRequest "MyRequest" @@ -23,7 +24,7 @@ Configuration Example DirectoryScopeId = "/"; Ensure = "Present"; IsValidationOnly = $True; # Updated Property - Principal = "John.Smith@$OrganizationName"; + Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { startDateTime = '2023-09-01T02:40:44Z' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-Create.ps1 deleted file mode 100644 index e603f34d31..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-Create.ps1 +++ /dev/null @@ -1,62 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADRoleSetting 28b253d8-cde5-471f-a331-fe7320023cdd - { - ActivateApprover = @(); - ActivationMaxDuration = "PT8H"; - ActivationReqJustification = $True; - ActivationReqMFA = $False; - ActivationReqTicket = $False; - ActiveAlertNotificationAdditionalRecipient = @(); - ActiveAlertNotificationDefaultRecipient = $True; - ActiveAlertNotificationOnlyCritical = $False; - ActiveApproveNotificationAdditionalRecipient = @(); - ActiveApproveNotificationDefaultRecipient = $True; - ActiveApproveNotificationOnlyCritical = $False; - ActiveAssigneeNotificationAdditionalRecipient = @(); - ActiveAssigneeNotificationDefaultRecipient = $True; - ActiveAssigneeNotificationOnlyCritical = $False; - ApprovaltoActivate = $False; - AssignmentReqJustification = $True; - AssignmentReqMFA = $False; - Displayname = "Application Administrator"; - ElegibilityAssignmentReqJustification = $False; - ElegibilityAssignmentReqMFA = $False; - EligibleAlertNotificationAdditionalRecipient = @(); - EligibleAlertNotificationDefaultRecipient = $True; - EligibleAlertNotificationOnlyCritical = $False; - EligibleApproveNotificationAdditionalRecipient = @(); - EligibleApproveNotificationDefaultRecipient = $True; - EligibleApproveNotificationOnlyCritical = $False; - EligibleAssigneeNotificationAdditionalRecipient = @(); - EligibleAssigneeNotificationDefaultRecipient = $True; - EligibleAssigneeNotificationOnlyCritical = $False; - EligibleAssignmentAlertNotificationAdditionalRecipient = @(); - EligibleAssignmentAlertNotificationDefaultRecipient = $True; - EligibleAssignmentAlertNotificationOnlyCritical = $False; - EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); - EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; - EligibleAssignmentAssigneeNotificationOnlyCritical = $False; - ExpireActiveAssignment = "P180D"; - ExpireEligibleAssignment = "P365D"; - PermanentActiveAssignmentisExpirationRequired = $False; - PermanentEligibleAssignmentisExpirationRequired = $False; - Credential = $Credscredential - Ensure = 'Present' - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1 index c406e7a9ed..5d148bc5bb 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1 @@ -12,22 +12,19 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" + AppId = 'AppDisplayName' + DisplayName = "AppDisplayName" AlternativeNames = "AlternativeName1","AlternativeName2" AccountEnabled = $true AppRoleAssignmentRequired = $false - ErrorUrl = "" - Homepage = "https://AADAppName.contoso.com" - LogoutUrl = "https://AADAppName.contoso.com/logout" - PublisherName = "Contoso" - ReplyURLs = "https://AADAppName.contoso.com" - SamlMetadataURL = "" - ServicePrincipalNames = "", "https://AADAppName.contoso.com" + Homepage = "https://$Domain" + LogoutUrl = "https://$Domain/logout" + ReplyURLs = "https://$Domain" ServicePrincipalType = "Application" Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" Ensure = "Present" diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 index b513d7b703..d50d7f231c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 @@ -12,22 +12,19 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" - AlternativeNames = "AlternativeName1","AlternativeName2" + AppId = 'AppDisplayName' + DisplayName = "AppDisplayName" + AlternativeNames = "AlternativeName1","AlternativeName3" # Updated Property AccountEnabled = $true - AppRoleAssignmentRequired = $true # Updated Property - ErrorUrl = "" - Homepage = "https://AADAppName.contoso.com" - LogoutUrl = "https://AADAppName.contoso.com/logout" - PublisherName = "Contoso" - ReplyURLs = "https://AADAppName.contoso.com" - SamlMetadataURL = "" - ServicePrincipalNames = "", "https://AADAppName.contoso.com" + AppRoleAssignmentRequired = $false + Homepage = "https://$Domain" + LogoutUrl = "https://$Domain/logout" + ReplyURLs = "https://$Domain" ServicePrincipalType = "Application" Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" Ensure = "Present" diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-Create.ps1 index 77f36b174e..73cdcbb24b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-Create.ps1 @@ -12,19 +12,18 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { - $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@$Organization" + UserPrincipalName = "John.Smith@$Domain" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" City = "Gatineau" Country = "Canada" Office = "Ottawa - Queen" - LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM") UsageLocation = "US" Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-Update.ps1 index d80e65086f..238b7e0925 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-Update.ps1 @@ -12,19 +12,18 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { - $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@$Organization" + UserPrincipalName = "John.Smith@$Domain" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" City = "Ottawa" # Updated Country = "Canada" Office = "Ottawa - Queen" - LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM") UsageLocation = "US" Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 index 1da4cd0523..30f6a7acb5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 @@ -12,12 +12,12 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { - $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@$Organization" + UserPrincipalName = "John.Smith@$Domain" Ensure = "Absent" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOMailContact/1-NewMailContact.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOMailContact/1-NewMailContact.ps1 index 12aa54841b..74c7a2ac87 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOMailContact/1-NewMailContact.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOMailContact/1-NewMailContact.ps1 @@ -8,7 +8,7 @@ Configuration Example param( [Parameter(Mandatory = $true)] [PSCredential] - $credsCredential + $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC @@ -16,20 +16,22 @@ Configuration Example { EXOMailContact 'TestMailContact' { - Alias = "TestMailContact"; - Credential = $Credscredential; - DisplayName = "My Test Contact"; - Ensure = "Present"; - ExternalEmailAddress = "SMTP:test@tailspintoys.com"; - MacAttachmentFormat = "BinHex"; - MessageBodyFormat = "TextAndHtml"; - MessageFormat = "Mime"; - ModeratedBy = @(); - ModerationEnabled = $False; - Name = "My Test Contact"; - OrganizationalUnit = "nampr03a010.prod.outlook.com/Microsoft Exchange Hosted Organizations/$OrganizationName"; - SendModerationNotifications = "Always"; - UsePreferMessageFormat = $True; + Alias = 'TestMailContact' + Credential = $Credscredential + DisplayName = 'My Test Contact' + Ensure = 'Present' + ExternalEmailAddress = 'SMTP:test@tailspintoys.com' + MacAttachmentFormat = 'BinHex' + MessageBodyFormat = 'TextAndHtml' + MessageFormat = 'Mime' + ModeratedBy = @() + ModerationEnabled = $false + Name = 'My Test Contact' + OrganizationalUnit = "nampr03a010.prod.outlook.com/Microsoft Exchange Hosted Organizations/$OrganizationName" + SendModerationNotifications = 'Always' + UsePreferMessageFormat = $true + CustomAttribute1 = 'Custom Value 1' + ExtensionCustomAttribute5 = 'Extension Custom Value 1', 'Extension Custom Value 2' } } } diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index d243a51528..7f2b2f7538 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-01-03 +# Generated on: 2024-01-10 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.103.1' + ModuleVersion = '1.24.110.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -26,7 +26,7 @@ CompanyName = 'Microsoft Corporation' # Copyright statement for this module - Copyright = '(c) 2023 Microsoft Corporation. All rights reserved.' + Copyright = '(c) 2024 Microsoft Corporation. All rights reserved.' # Description of the functionality provided by this module Description = 'This DSC module is used to configure and monitor Microsoft tenants, including SharePoint Online, Exchange, Teams, etc.' @@ -140,40 +140,32 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADConditionalAccessPolicy - * Fix Get-TargetResource when the parameter Id is not present - FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) - * EXOInboundConnector - * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. - * EXOMailTips - * Added parameter descriptions for better documentation - * EXOOutboundConnector - * Corrected parameter descriptions, so the documentation on microsoft365dsc.com is generated correctly. - * EXOReportSubmissionPolicy + ReleaseNotes = '* AADAdministrativeUnit + * Fix the Update logic flow to get around a bug in Microsoft.Graph 2.11.1. + * AADAuthenticationMethodPolicyX509 + * Added support for the property for include targets + * AADConditionalAccessPolicy + * Added support for application filters in the conditions. + * Implement Fix #3885. Manage Exclude Application. + FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] + * AADGroupOwnerConsentSettings * Initial release - FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) - * EXOReportSubmissionRule - * Initial release - FIXES [#3690](https://github.com/microsoft/Microsoft365DSC/issues/3690) - * EXOTransportRule - * Stop supporting DLP-related rules, conditions, and actions (https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-mail-flow-rules-to-stop-supporting-dlp-related/ba-p/3959870) - FIXES [#3929](https://github.com/microsoft/Microsoft365DSC/issues/3929) + Implements [#4112](https://github.com/microsoft/Microsoft365DSC/issues/4112) + * EXOHostedContentFilterPolicy + * Fix issue on parameters AllowedSenders, AllowedSenderDomains, BlockedSenders, + BlockSenderDomains if desired state is empty but current state is not empty. + FIXES[#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124) + * EXOMailContact + * Added support for Custom Attributes and Extension Custom Attributes. * IntuneDeviceConfigurationPolicyMacOS - * Added parameter descriptions for better documentation - * IntuneSettingCatalogCustomPolicyWindows10 - * Fix Get-TargetResource when the parameter Id is not present - FIXES [#4029](https://github.com/microsoft/Microsoft365DSC/issues/4003) - * SPOTenantSettings - * Added parameter descriptions for better documentation - * TeamsChannel - * Add error handling if GroupId of a team is null - FIXES [#3943](https://github.com/microsoft/Microsoft365DSC/issues/3943) - * TeamsFeedbackPolicy - * Added parameter descriptions for better documentation - * TeamsMobilityPolicy - * Added parameter descriptions for better documentation - * TeamsNetworkRoamingPolicy - * Added parameter descriptions for better documentation' + * Fix workaround added on PR #4099 in order to be able to use this resource + for deployments + FIXES [#4105](https://github.com/microsoft/Microsoft365DSC/issues/4105) + * SCDLPComplianceRule + * Fix type of AccessScope + FIXES [#3463](https://github.com/microsoft/Microsoft365DSC/issues/3463) + * TeamsTenantDialPlan + * FIXES [#3767](https://github.com/microsoft/Microsoft365DSC/issues/3767)' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 08eb7511fd..9f10e145ac 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -4331,6 +4331,136 @@ function Get-M365DSCConfigurationConflict return $results } +<# + .Description + This function returns a hashtable with aligned to the parameter pattern of the given cmdlet. + + .Example + $param = @{ + Path = 'C:\Test' + DoesNotExist = '123' + } + Sync-M365DSCParameter -Command (Get-Command -Name Get-ChildItem) -Parameters $param + + .Functionality + Private +#> +function Sync-M365DSCParameter +{ + [Cmdletbinding()] + param ( + [Parameter(Mandatory = $true)] + [ValidateScript( { + $_ -is [System.Management.Automation.FunctionInfo] -or + $_ -is [System.Management.Automation.CmdletInfo] -or + $_ -is [System.Management.Automation.ExternalScriptInfo] -or + $_ -is [System.Management.Automation.AliasInfo] + })] + [object]$Command, + + [hashtable]$Parameters, + + [switch]$ConvertValue + ) + + if (-not $PSBoundParameters.ContainsKey('Parameters')) + { + $Parameters = ([hashtable]$ALBoundParameters).Clone() + } + else + { + $Parameters = ([hashtable]$Parameters).Clone() + } + + if ($Command -is [System.Management.Automation.AliasInfo]) + { + $command = & (Get-Module -Name $Command.Source) { + param([string]$Name) + + Get-Command -Name $Name + } $Command.Definition + } + + $commonParameters = [System.Management.Automation.Internal.CommonParameters].GetProperties().Name + $commandParameterKeys = $Command.Parameters.Keys.GetEnumerator() | ForEach-Object { $_ } + $parameterKeys = $Parameters.Keys.GetEnumerator() | ForEach-Object { $_ } + + $keysToRemove = Compare-Object -ReferenceObject $commandParameterKeys -DifferenceObject $parameterKeys | + Select-Object -ExpandProperty InputObject + + $keysToRemove = $keysToRemove + $commonParameters | Select-Object -Unique #remove the common parameters + + foreach ($key in $keysToRemove) + { + $Parameters.Remove($key) + } + + if ($ConvertValue.IsPresent) + { + $keysToUpdate = @{} + foreach ($kvp in $Parameters.GetEnumerator()) + { + if (-not $kvp.Value) # $null or empty string will not trip up conversion + { + continue + } + + $targetType = $Command.Parameters[$kvp.Key].ParameterType + $sourceType = $kvp.Value.GetType() + $targetValue = $kvp.Value -as $targetType + + if (-not $targetValue -and $targetType.ImplementedInterfaces -contains [Collections.IList]) + { + $targetValue = $targetType::new() + foreach ($v in $kvp.Value) + { + $targetValue.Add($v) + } + } + + if (-not $targetValue -and $targetType.ImplementedInterfaces -contains [Collections.IDictionary] ) + { + $targetValue = $targetType::new() + foreach ($k in $kvp.Value.GetEnumerator()) + { + $targetValue.Add($k.Key, $k.Value) + } + } + + if (-not $targetValue -and ($sourceType.ImplementedInterfaces -contains [Collections.IList] -and $targetType.ImplementedInterfaces -notcontains [Collections.IList])) + { + Write-Verbose -Message "Value of source parameter $($kvp.Key) is a collection, but target parameter is not. Selecting first object" + $targetValue = $kvp.Value | Select-Object -First 1 + } + + if (-not $targetValue) + { + Write-Error -Message "Conversion of source parameter $($kvp.Key) (Type: $($sourceType.FullName)) to type $($targetType.FullName) was impossible" + return + } + + $keysToUpdate[$kvp.Key] = $targetValue + } + } + + if ($keysToUpdate) + { + foreach ($kvp in $keysToUpdate.GetEnumerator()) + { + $Parameters[$kvp.Key] = $kvp.Value + } + } + + if ($PSBoundParameters.ContainsKey('Parameters')) + { + $Parameters + } + else + { + $global:ALBoundParameters = $Parameters + } +} + Export-ModuleMember -Function @( 'Assert-M365DSCBlueprint', 'Confirm-ImportedCmdletIsAvailable', @@ -4373,5 +4503,6 @@ Export-ModuleMember -Function @( 'Update-M365DSCDependencies', 'Update-M365DSCExportAuthenticationResults', 'Update-M365DSCModule', - 'Write-M365DSCLogEvent' + 'Write-M365DSCLogEvent', + 'Sync-M365DSCParameter' ) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index 7cb309eaf4..ec021a850f 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -32,13 +32,13 @@ { DisplayName = "AppDisplayName" AvailableToOtherTenants = $false - GroupMembershipClaims = "0" - Homepage = "https://app.contoso.com" - IdentifierUris = "https://app.contoso.com" + GroupMembershipClaims = "None" + Homepage = "https://$Domain" + IdentifierUris = "https://$Domain" KnownClientApplications = "" - LogoutURL = "https://app.contoso.com/logout" + LogoutURL = "https://$Domain/logout" PublicClient = $false - ReplyURLs = "https://app.contoso.com" + ReplyURLs = "https://$Domain" Permissions = @( MSFT_AADApplicationPermission { @@ -279,7 +279,7 @@ Id = "TemporaryAccessPass"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'DSCGroup' + Id = 'Executives' TargetType = 'group' } ); @@ -305,9 +305,6 @@ AADAuthenticationMethodPolicyX509 'AADAuthenticationMethodPolicyX509-X509Certificate' { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ - - Rules = @(@() - ) X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' }; CertificateUserBindings = @( @@ -401,9 +398,7 @@ ) } }; - ApplicationId = 'c6957111-b1a6-479c-a15c-73e01ceb3b99' - CertificateThumbprint = 'ACD01315A4EBA42CD2E18EEE443AA280CC0BAB8B' - TenantId = 'M365x35070558.onmicrosoft.com' + Credential = $credsCredential Ensure = "Present"; } AADEntitlementManagementAccessPackage 'myAccessPackage' @@ -417,9 +412,9 @@ IsHidden = $False; IsRoleScopesVisible = $True; } - AADEntitlementManagementAccessPackageAssignmentPolicy 'myAssignmentPolicyWithAccessReviewsSettings' + AADEntitlementManagementAccessPackageAssignmentPolicy 'myAssignments' { - AccessPackageId = "5d05114c-b4d9-4ae7-bda6-4bade48e60f2"; + AccessPackageId = "Integration Package"; AccessReviewSettings = MSFT_MicrosoftGraphassignmentreviewsettings{ IsEnabled = $True StartDateTime = '12/17/2022 23:59:59' @@ -441,25 +436,14 @@ IsApprovalRequired = $False IsApprovalRequiredForExtension = $False }; - RequestorSettings = MSFT_MicrosoftGraphrequestorsettings{ - AllowedRequestors = @( - MSFT_MicrosoftGraphuserset{ - IsBackup = $False - Id = 'e27eb9b9-27c3-462d-8d65-3bcd763b0ed0' - odataType = '#microsoft.graph.connectedOrganizationMembers' - } - ) - AcceptRequests = $True - ScopeType = 'SpecificConnectedOrganizationSubjects' - }; Ensure = "Present" Credential = $Credscredential } AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' CatalogStatus = 'Published' - CatalogType = 'ServiceDefault' + CatalogType = 'UserManaged' Description = 'Built-in catalog.' IsExternallyVisible = $True Managedidentity = $False @@ -468,16 +452,14 @@ } AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { - DisplayName = 'Communication site' - AddedBy = 'admin@contoso.onmicrosoft.com' - AddedOn = '05/11/2022 16:21:15' - CatalogId = 'f34c2d92-9e9d-4703-ba9b-955b6ac8dcb3' - Description = 'https://contoso.sharepoint.com/' - IsPendingOnboarding = $False - OriginId = 'https://contoso.sharepoint.com/' + DisplayName = 'Human Resources' + CatalogId = 'My Catalog' + Description = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" + IsPendingOnboarding = $true + OriginId = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" OriginSystem = 'SharePointOnline' ResourceType = 'SharePoint Online Site' - Url = 'https://contoso.sharepoint.com/' + Url = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" Ensure = 'Present' Credential = $Credscredential } @@ -485,15 +467,15 @@ { Description = "this is the tenant partner"; DisplayName = "Test Tenant - DSC"; - ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); + ExternalSponsors = @("AdeleV@$Domain"); IdentitySources = @( MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ - ExternalTenantId = "12345678-1234-1234-1234-123456789012" - DisplayName = 'Contoso' + ExternalTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc" + DisplayName = 'o365dsc' odataType = '#microsoft.graph.azureActiveDirectoryTenant' } ); - InternalSponsors = @("12345678-1234-1234-1234-123456789012"); + InternalSponsors = @("AdeleV@$Domain"); State = "configured"; Ensure = "Present" Credential = $Credscredential @@ -514,7 +496,7 @@ { DisplayName = "Company Network" IpRanges = @("2.1.1.1/32", "1.2.2.2/32") - IsTrusted = $True + IsTrusted = $False OdataType = "#microsoft.graph.ipNamedLocation" Ensure = "Present" Credential = $Credscredential @@ -537,7 +519,7 @@ DirectoryScopeId = "/"; Ensure = "Present"; IsValidationOnly = $False; - Principal = "John.Smith@$OrganizationName"; + Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { startDateTime = '2023-09-01T02:40:44Z' @@ -548,64 +530,16 @@ } }; } - AADRoleSetting '28b253d8-cde5-471f-a331-fe7320023cdd' - { - ActivateApprover = @(); - ActivationMaxDuration = "PT8H"; - ActivationReqJustification = $True; - ActivationReqMFA = $False; - ActivationReqTicket = $False; - ActiveAlertNotificationAdditionalRecipient = @(); - ActiveAlertNotificationDefaultRecipient = $True; - ActiveAlertNotificationOnlyCritical = $False; - ActiveApproveNotificationAdditionalRecipient = @(); - ActiveApproveNotificationDefaultRecipient = $True; - ActiveApproveNotificationOnlyCritical = $False; - ActiveAssigneeNotificationAdditionalRecipient = @(); - ActiveAssigneeNotificationDefaultRecipient = $True; - ActiveAssigneeNotificationOnlyCritical = $False; - ApprovaltoActivate = $False; - AssignmentReqJustification = $True; - AssignmentReqMFA = $False; - Displayname = "Application Administrator"; - ElegibilityAssignmentReqJustification = $False; - ElegibilityAssignmentReqMFA = $False; - EligibleAlertNotificationAdditionalRecipient = @(); - EligibleAlertNotificationDefaultRecipient = $True; - EligibleAlertNotificationOnlyCritical = $False; - EligibleApproveNotificationAdditionalRecipient = @(); - EligibleApproveNotificationDefaultRecipient = $True; - EligibleApproveNotificationOnlyCritical = $False; - EligibleAssigneeNotificationAdditionalRecipient = @(); - EligibleAssigneeNotificationDefaultRecipient = $True; - EligibleAssigneeNotificationOnlyCritical = $False; - EligibleAssignmentAlertNotificationAdditionalRecipient = @(); - EligibleAssignmentAlertNotificationDefaultRecipient = $True; - EligibleAssignmentAlertNotificationOnlyCritical = $False; - EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); - EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; - EligibleAssignmentAssigneeNotificationOnlyCritical = $False; - ExpireActiveAssignment = "P180D"; - ExpireEligibleAssignment = "P365D"; - PermanentActiveAssignmentisExpirationRequired = $False; - PermanentEligibleAssignmentisExpirationRequired = $False; - Credential = $Credscredential - Ensure = 'Present' - } AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" + AppId = 'AppDisplayName' + DisplayName = "AppDisplayName" AlternativeNames = "AlternativeName1","AlternativeName2" AccountEnabled = $true AppRoleAssignmentRequired = $false - ErrorUrl = "" - Homepage = "https://AADAppName.contoso.com" - LogoutUrl = "https://AADAppName.contoso.com/logout" - PublisherName = "Contoso" - ReplyURLs = "https://AADAppName.contoso.com" - SamlMetadataURL = "" - ServicePrincipalNames = "", "https://AADAppName.contoso.com" + Homepage = "https://$Domain" + LogoutUrl = "https://$Domain/logout" + ReplyURLs = "https://$Domain" ServicePrincipalType = "Application" Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" Ensure = "Present" @@ -622,14 +556,13 @@ } AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@$Organization" + UserPrincipalName = "John.Smith@$Domain" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" City = "Gatineau" Country = "Canada" Office = "Ottawa - Queen" - LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM") UsageLocation = "US" Ensure = "Present" Credential = $Credscredential diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 new file mode 100644 index 0000000000..dd39063f6d --- /dev/null +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -0,0 +1,806 @@ + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential + ) + + Configuration Master + { + param + ( + [Parameter(Mandatory = $true)] + [System.Management.Automation.PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] + Node Localhost + { + AADAdministrativeUnit 'TestUnit' + { + DisplayName = 'Test-Unit' + MembershipRule = "(user.country -eq `"US`")" # Updated Property + MembershipRuleProcessingState = 'On' + MembershipType = 'Dynamic' + Ensure = 'Present' + Credential = $Credscredential + } + AADApplication 'AADApp1' + { + DisplayName = "AppDisplayName" + AvailableToOtherTenants = $true # Updated Property + GroupMembershipClaims = "None" + Homepage = "https://$Domain" + IdentifierUris = "https://$Domain" + KnownClientApplications = "" + LogoutURL = "https://$Domain/logout" + PublicClient = $false + ReplyURLs = "https://$Domain" + Permissions = @( + MSFT_AADApplicationPermission + { + Name = 'User.Read' + Type = 'Delegated' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $false + } + MSFT_AADApplicationPermission + { + Name = 'User.ReadWrite.All' + Type = 'Delegated' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $True + } + MSFT_AADApplicationPermission + { + Name = 'User.Read.All' + Type = 'AppOnly' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $True + } + ) + Ensure = "Present" + Credential = $Credscredential + } + AADAttributeSet 'AADAttributeSetTest' + { + Credential = $credsCredential; + Description = "Attribute set with 420 attributes"; + Ensure = "Present"; + Id = "TestAttributeSet"; + MaxAttributesPerSet = 300; # Updated Property + } + AADAuthenticationContextClassReference 'AADAuthenticationContextClassReference-Test' + { + Credential = $credsCredential; + Description = "Context test Updated"; # Updated Property + DisplayName = "My Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; + } + AADAuthenticationMethodPolicy 'AADAuthenticationMethodPolicy-Authentication Methods Policy' + { + Description = "Updated"; # Updated Property + DisplayName = "Authentication Methods Policy"; + Ensure = "Present"; + Id = "authenticationMethodsPolicy"; + PolicyMigrationState = "migrationInProgress"; + PolicyVersion = "1.5"; + RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ + AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ + SnoozeDurationInDays = 1 + IncludeTargets = @( + MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ + TargetedAuthenticationMethod = 'microsoftAuthenticator' + TargetType = 'group' + Id = 'all_users' + } + ) + State = 'default' + } + }; + Credential = $credsCredential; + } + AADAuthenticationMethodPolicyAuthenticator 'AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator' + { + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ + Id = 'Legal Team' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ + Id = 'Paralegals' + TargetType = 'group' + } + ); + FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ + DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'all_users' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'all_users' + TargetType = 'group' + } + State = 'default' + } + CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'all_users' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'all_users' + TargetType = 'group' + } + State = 'default' + } + DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'all_users' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'all_users' + TargetType = 'group' + } + State = 'default' + } + }; + Id = "MicrosoftAuthenticator"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'Finance Team' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'Northwind Traders' + TargetType = 'group' + } + ); + IsSoftwareOathEnabled = $True; # Updated Property + State = "enabled"; + } + AADAuthenticationMethodPolicyEmail 'AADAuthenticationMethodPolicyEmail-Email' + { + AllowExternalIdToUseEmailOtp = "enabled"; + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ + Id = 'Paralegals' + TargetType = 'group' + } + ); + Id = "Email"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ + Id = 'Finance Team' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ + Id = 'Legal Team' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + } + AADAuthenticationMethodPolicyFido2 'AADAuthenticationMethodPolicyFido2-Fido2' + { + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ + Id = 'Paralegals' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ + Id = 'Executives' + TargetType = 'group' + } + ); + Id = "Fido2"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ + Id = 'all_users' + TargetType = 'group' + } + ); + IsAttestationEnforced = $False; + IsSelfServiceRegistrationAllowed = $True; + KeyRestrictions = MSFT_MicrosoftGraphfido2KeyRestrictions{ + IsEnforced = $False + EnforcementType = 'block' + AaGuids = @() + }; + State = "disabled"; # Updated Property + } + AADAuthenticationMethodPolicySms 'AADAuthenticationMethodPolicySms-Sms' + { + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ + Id = 'All Employees' + TargetType = 'group' + } + ); + Id = "Sms"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ + Id = 'all_users' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + } + AADAuthenticationMethodPolicySoftware 'AADAuthenticationMethodPolicySoftware-SoftwareOath' + { + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ + Id = 'Executives' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ + Id = 'Paralegals' + TargetType = 'group' + } + ); + Id = "SoftwareOath"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ + Id = 'Legal Team' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + } + AADAuthenticationMethodPolicyTemporary 'AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass' + { + Credential = $Credscredential; + DefaultLength = 9; # Updated Property + DefaultLifetimeInMinutes = 60; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ + Id = 'All Company' + TargetType = 'group' + } + ); + Id = "TemporaryAccessPass"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ + Id = 'Executives' + TargetType = 'group' + } + ); + IsUsableOnce = $False; + MaximumLifetimeInMinutes = 480; + MinimumLifetimeInMinutes = 60; + State = "enabled"; + } + AADAuthenticationMethodPolicyVoice 'AADAuthenticationMethodPolicyVoice-Voice' + { + Credential = $Credscredential; + Ensure = "Present"; + Id = "Voice"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ + Id = 'all_users' + TargetType = 'group' + } + ); + IsOfficePhoneAllowed = $True; # Updated Property + State = "disabled"; + } + AADAuthenticationMethodPolicyX509 'AADAuthenticationMethodPolicyX509-X509Certificate' + { + AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ + X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + }; + CertificateUserBindings = @( + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 1 + UserProperty = 'userPrincipalName' + X509CertificateField = 'PrincipalName' + } + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 2 + UserProperty = 'userPrincipalName' + X509CertificateField = 'RFC822Name' + } + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 3 + UserProperty = 'certificateUserIds' + X509CertificateField = 'SubjectKeyIdentifier' + } + ); + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ + Id = 'DSCGroup' + TargetType = 'group' + } + ); + Id = "X509Certificate"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ + Id = 'Finance Team' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + } + AADAuthenticationStrengthPolicy 'AADAuthenticationStrengthPolicy-Example' + { + AllowedCombinations = @("windowsHelloForBusiness","fido2","deviceBasedPush"); # Updated Property + Description = "This is an example"; + DisplayName = "Example"; + Ensure = "Present"; + Credential = $Credscredential; + } + AADAuthorizationPolicy 'AADAuthPol' + { + IsSingleInstance = 'Yes' + DisplayName = 'Authorization Policy' + Description = 'Used to manage authorization related settings across the company.' + AllowEmailVerifiedUsersToJoinOrganization = $true + AllowInvitesFrom = 'everyone' + AllowedToSignUpEmailBasedSubscriptions = $true + AllowedToUseSspr = $true + BlockMsolPowerShell = $false + DefaultUserRoleAllowedToCreateApps = $true + DefaultUserRoleAllowedToCreateSecurityGroups = $true + DefaultUserRoleAllowedToReadOtherUsers = $true + GuestUserRole = 'Guest' + PermissionGrantPolicyIdsAssignedToDefaultUserRole = @() + Ensure = 'Present' + Credential = $Credscredential + } + AADConditionalAccessPolicy 'Allin-example' + { + ApplicationEnforcedRestrictionsIsEnabled = $False; + BuiltInControls = @("mfa"); + ClientAppTypes = @("all"); + CloudAppSecurityIsEnabled = $True; # Updated Porperty + Credential = $Credscredential; + DeviceFilterMode = "exclude"; + DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; + DisplayName = "Example CAP"; + Ensure = "Present"; + ExcludeUsers = @("admin@$Domain"); + GrantControlOperator = "OR"; + IncludeApplications = @("All"); + IncludeRoles = @("Attack Payload Author"); + PersistentBrowserIsEnabled = $False; + SignInFrequencyInterval = "timeBased"; + SignInFrequencyIsEnabled = $True; + SignInFrequencyType = "hours"; + SignInFrequencyValue = 1; + State = "disabled"; + } + AADCrossTenantAccessPolicy 'AADCrossTenantAccessPolicy' + { + AllowedCloudEndpoints = @("microsoftonline.us"); + Credential = $Credscredential; + DisplayName = "MyXTAPPolicy"; + Ensure = "Present"; + IsSingleInstance = "Yes"; + } + AADCrossTenantAccessPolicyConfigurationDefault 'AADCrossTenantAccessPolicyConfigurationDefault' + { + B2BCollaborationInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllApplications' + TargetType = 'application' + } + ) + } + UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllUsers' + TargetType = 'user' + } + ) + } + } + B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllApplications' + TargetType = 'application' + } + ) + } + UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllUsers' + TargetType = 'user' + } + ) + } + } + B2BDirectConnectInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'blocked' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllApplications' + TargetType = 'application' + } + ) + } + UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'blocked' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllUsers' + TargetType = 'user' + } + ) + } + } + B2BDirectConnectOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'blocked' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllApplications' + TargetType = 'application' + } + ) + } + UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'blocked' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllUsers' + TargetType = 'user' + } + ) + } + } + Credential = $Credscredential; + Ensure = "Present"; + InboundTrust = MSFT_AADCrossTenantAccessPolicyInboundTrust { + IsCompliantDeviceAccepted = $False + IsHybridAzureADJoinedDeviceAccepted = $False + IsMfaAccepted = $False + } + IsSingleInstance = "Yes"; + } + AADCrossTenantAccessPolicyConfigurationPartner 'AADCrossTenantAccessPolicyConfigurationPartner' + { + PartnerTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"; # O365DSC.onmicrosoft.com + AutomaticUserConsentSettings = MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings { + InboundAllowed = $False # Updated Property + OutboundAllowed = $True + }; + B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllApplications' + TargetType = 'application' + } + ) + } + UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = '68bafe64-f86b-4c4e-b33b-9d3eaa11544b' # Office 365 + TargetType = 'user' + } + ) + } + }; + Credential = $credsCredential + Ensure = "Present"; + } + AADEntitlementManagementAccessPackage 'myAccessPackage' + { + AccessPackagesIncompatibleWith = @(); + CatalogId = "General"; + Credential = $Credscredential; + Description = "Integration Tests"; + DisplayName = "Integration Package"; + Ensure = "Present"; + IsHidden = $True; # Updated Property + IsRoleScopesVisible = $True; + } + AADEntitlementManagementAccessPackageAssignmentPolicy 'myAssignments' + { + AccessPackageId = "Integration Package"; + AccessReviewSettings = MSFT_MicrosoftGraphassignmentreviewsettings{ + IsEnabled = $True + StartDateTime = '12/17/2022 23:59:59' + IsAccessRecommendationEnabled = $True + AccessReviewTimeoutBehavior = 'keepAccess' + IsApprovalJustificationRequired = $True + ReviewerType = 'Self' + RecurrenceType = 'quarterly' + Reviewers = @() + DurationInDays = 25 + }; + CanExtend = $False; + Description = ""; + DisplayName = "External tenant"; + DurationInDays = 180; # Updated Property + RequestApprovalSettings = MSFT_MicrosoftGraphapprovalsettings{ + ApprovalMode = 'NoApproval' + IsRequestorJustificationRequired = $False + IsApprovalRequired = $False + IsApprovalRequiredForExtension = $False + }; + Ensure = "Present" + Credential = $Credscredential + } + AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' + { + DisplayName = 'My Catalog' + CatalogStatus = 'Published' + CatalogType = 'UserManaged' + Description = 'Built-in catalog.' + IsExternallyVisible = $False # Updated Property + Managedidentity = $False + Ensure = 'Present' + Credential = $Credscredential + } + AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' + { + DisplayName = 'Human Resources' + CatalogId = 'My Catalog' + Description = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" + IsPendingOnboarding = $false # Updated Property + OriginId = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" + OriginSystem = 'SharePointOnline' + ResourceType = 'SharePoint Online Site' + Url = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" + Url = "https://$Domain.sharepoint.com/sites/HumanResources" + Ensure = 'Present' + Credential = $Credscredential + } + AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' + { + Description = "This is the tenant partner - Updated"; # Updated Property + DisplayName = "Test Tenant - DSC"; + ExternalSponsors = @("AdeleV@$Domain"); + IdentitySources = @( + MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ + ExternalTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc" + DisplayName = 'o365dsc' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + } + ); + InternalSponsors = @("AdeleV@$Domain"); + State = "configured"; + Ensure = "Present" + Credential = $Credscredential + } + AADExternalIdentityPolicy 'AADExternalIdentityPolicy' + { + AllowDeletedIdentitiesDataRemoval = $False; + AllowExternalIdentitiesToLeave = $True; + Credential = $credsCredential; + IsSingleInstance = "Yes"; + } + AADGroup 'MyGroups' + { + DisplayName = "DSCGroup" + Description = "Microsoft DSC Group Updated" # Updated Property + SecurityEnabled = $True + MailEnabled = $True + GroupTypes = @("Unified") + MailNickname = "M365DSC" + Visibility = "Private" + Ensure = "Present" + Credential = $Credscredential + } + AADGroupLifecyclePolicy 'GroupLifecyclePolicy' + { + IsSingleInstance = "Yes" + AlternateNotificationEmails = @("john.smith@contoso.com") + GroupLifetimeInDays = 99 + ManagedGroupTypes = "Selected" + Ensure = "Present" + Credential = $Credscredential + } + AADGroupsNamingPolicy 'GroupsNamingPolicy' + { + IsSingleInstance = "Yes" + CustomBlockedWordsList = @("CEO", "President") + PrefixSuffixNamingRequirement = "[Title]Test[Company][GroupName][Office]Redmond" + Ensure = "Present" + Credential = $Credscredential + } + AADGroupsSettings 'GeneralGroupsSettings' + { + IsSingleInstance = "Yes" + AllowGuestsToAccessGroups = $True + AllowGuestsToBeGroupOwner = $True + AllowToAddGuests = $True + EnableGroupCreation = $True + GroupCreationAllowedGroupName = "All Company" + GuestUsageGuidelinesUrl = "https://contoso.com/guestusage" + UsageGuidelinesUrl = "https://contoso.com/usage" + Ensure = "Present" + Credential = $Credscredential + } + AADNamedLocationPolicy 'CompanyNetwork' + { + DisplayName = "Company Network" + IpRanges = @("2.1.1.1/32") # Updated Property + IsTrusted = $False + OdataType = "#microsoft.graph.ipNamedLocation" + Ensure = "Present" + Credential = $Credscredential + } + AADRoleDefinition 'AADRoleDefinition1' + { + DisplayName = "DSCRole1" + Description = "DSC created role definition" + ResourceScopes = "/" + IsEnabled = $false # Updated Property + RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read","microsoft.directory/applicationPolicies/allProperties/update","microsoft.directory/applicationPolicies/basic/update" + Version = "1.0" + Ensure = "Present" + Credential = $Credscredential + } + AADRoleEligibilityScheduleRequest 'MyRequest' + { + Action = "AdminAssign"; + Credential = $Credscredential; + DirectoryScopeId = "/"; + Ensure = "Present"; + IsValidationOnly = $True; # Updated Property + Principal = "AdeleV@$Domain"; + RoleDefinition = "Teams Communications Administrator"; + ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { + startDateTime = '2023-09-01T02:40:44Z' + expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration + { + endDateTime = '2025-10-31T02:40:09Z' + type = 'afterDateTime' + } + }; + } + AADRoleSetting '28b253d8-cde5-471f-a331-fe7320023cdd' + { + ActivateApprover = @(); + ActivationMaxDuration = "PT8H"; + ActivationReqJustification = $False; # Updated Property + ActivationReqMFA = $False; + ActivationReqTicket = $False; + ActiveAlertNotificationAdditionalRecipient = @(); + ActiveAlertNotificationDefaultRecipient = $True; + ActiveAlertNotificationOnlyCritical = $False; + ActiveApproveNotificationAdditionalRecipient = @(); + ActiveApproveNotificationDefaultRecipient = $True; + ActiveApproveNotificationOnlyCritical = $False; + ActiveAssigneeNotificationAdditionalRecipient = @(); + ActiveAssigneeNotificationDefaultRecipient = $True; + ActiveAssigneeNotificationOnlyCritical = $False; + ApprovaltoActivate = $False; + AssignmentReqJustification = $True; + AssignmentReqMFA = $False; + Displayname = "Application Administrator"; + ElegibilityAssignmentReqJustification = $False; + ElegibilityAssignmentReqMFA = $False; + EligibleAlertNotificationAdditionalRecipient = @(); + EligibleAlertNotificationDefaultRecipient = $True; + EligibleAlertNotificationOnlyCritical = $False; + EligibleApproveNotificationAdditionalRecipient = @(); + EligibleApproveNotificationDefaultRecipient = $True; + EligibleApproveNotificationOnlyCritical = $False; + EligibleAssigneeNotificationAdditionalRecipient = @(); + EligibleAssigneeNotificationDefaultRecipient = $True; + EligibleAssigneeNotificationOnlyCritical = $False; + EligibleAssignmentAlertNotificationAdditionalRecipient = @(); + EligibleAssignmentAlertNotificationDefaultRecipient = $True; + EligibleAssignmentAlertNotificationOnlyCritical = $False; + EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); + EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; + EligibleAssignmentAssigneeNotificationOnlyCritical = $False; + ExpireActiveAssignment = "P180D"; + ExpireEligibleAssignment = "P365D"; + PermanentActiveAssignmentisExpirationRequired = $False; + PermanentEligibleAssignmentisExpirationRequired = $False; + Credential = $Credscredential + Ensure = 'Present' + } + AADServicePrincipal 'AADServicePrincipal' + { + AppId = 'AppDisplayName' + DisplayName = "AppDisplayName" + AlternativeNames = "AlternativeName1","AlternativeName3" # Updated Property + AccountEnabled = $true + AppRoleAssignmentRequired = $false + Homepage = "https://$Domain" + LogoutUrl = "https://$Domain/logout" + ReplyURLs = "https://$Domain" + ServicePrincipalType = "Application" + Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" + Ensure = "Present" + Credential = $Credscredential + } + AADSocialIdentityProvider 'AADSocialIdentityProvider-Google' + { + ClientId = "Google-OAUTH"; + ClientSecret = "FakeSecret-Updated"; # Updated Property + Credential = $credsCredential; + DisplayName = "My Google Provider"; + Ensure = "Present"; + IdentityProviderType = "Google"; + } + AADTenantDetails 'ÇonfigureTenantDetails' + { + IsSingleInstance = 'Yes' + TechnicalNotificationMails = "example@contoso.com" + SecurityComplianceNotificationPhones = "+1123456789" + SecurityComplianceNotificationMails = "example@contoso.com" + MarketingNotificationEmails = "example@contoso.com" + Credential = $credsCredential + } + AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + { + DisplayName = "PolicyDisplayName" + Definition = @('{"TokenIssuancePolicy":{"Version": 1,"SigningAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1","TokenResponseSigningPolicy": "TokenOnly","SamlTokenVersion": "2.0"}}') + IsOrganizationDefault = $false + Ensure = "Present" + Credential = $Credscredential + } + AADUser 'ConfigureJohnSMith' + { + UserPrincipalName = "John.Smith@$Domain" + FirstName = "John" + LastName = "Smith" + DisplayName = "John J. Smith" + City = "Ottawa" # Updated + Country = "Canada" + Office = "Ottawa - Queen" + UsageLocation = "US" + Ensure = "Present" + Credential = $Credscredential + } + } + } + + $ConfigurationData = @{ + AllNodes = @( + @{ + NodeName = "Localhost" + PSDSCAllowPlaintextPassword = $true + } + ) + } + + # Compile and deploy configuration + try + { + Master -ConfigurationData $ConfigurationData -Credscredential $Credential + Start-DscConfiguration Master -Wait -Force -Verbose -ErrorAction Stop + } + catch + { + throw $_ + } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 index 494e432b67..713ae018fb 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 @@ -95,7 +95,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Ensure = 'Present' Credential = $Credential } - + Mock -CommandName Get-MgBetaEntitlementManagementAccessPackage -MockWith { + return @{ + Id = 'FakeStringValue' + } + } Mock -CommandName Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -MockWith { return $null } @@ -382,6 +386,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Ensure = 'Present' Credential = $Credential } + + Mock -CommandName Get-MgBetaEntitlementManagementAccessPackage -MockWith { + return @{ + Id = 'FakeStringValue' + } + } Mock -CommandName Get-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -MockWith { return @{ diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 index 7ead2f0a36..e8ea032e40 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 @@ -59,7 +59,20 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Write-Host -MockWith { } - Mock -CommandName Write-Host -MockWith { + Mock -CommandName Get-MgUser -MockWith { + return @{ + Id = '12345678-1234-1234-1234-123456789012' + UserPrincipalName = 'John.smith@contoso.com' + } + } + + Mock -CommandName Get-MgBetaDirectoryObject -MockWith { + return @{ + Id = '12345678-1234-1234-1234-123456789012' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.user' + } + } } } # Test contexts @@ -93,14 +106,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgBetaEntitlementManagementConnectedOrganizationInternalSponsor -MockWith { return @() } - Mock -CommandName Get-MgBetaDirectoryObject -MockWith { - return @{ - Id = '12345678-1234-1234-1234-123456789012' - AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.user' - } - } - } Mock -CommandName New-MgBetaEntitlementManagementConnectedOrganization -MockWith { return @{ Id = '12345678-1234-1234-1234-123456789012' @@ -193,7 +198,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ Description = 'ConnectedOrganization_Description' DisplayName = 'ConnectedOrganization_DisplayName' - ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + ExternalSponsors = @('John.Smith@contoso.com') Id = '12345678-1234-1234-1234-123456789012' IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ @@ -202,7 +207,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { displayName = 'IdentitySource_DisplayName' } -ClientOnly) ) - InternalSponsors = @('12345678-1234-1234-1234-123456789012') + InternalSponsors = @('John.Smith@contoso.com') State = 'configured' Ensure = 'Present' Credential = $Credential @@ -250,7 +255,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ Description = 'ConnectedOrganization_Description' DisplayName = 'ConnectedOrganization_DisplayName' - ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + ExternalSponsors = @('John.Smith@contoso.com') Id = '12345678-1234-1234-1234-123456789012' IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ @@ -259,7 +264,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { displayName = 'IdentitySource_DisplayName' } -ClientOnly) ) - InternalSponsors = @('12345678-1234-1234-1234-123456789012') + InternalSponsors = @('John.Smith@contoso.com') State = 'configured' Ensure = 'Present' diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRoleSetting.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRoleSetting.Tests.ps1 index 5b68626cd5..fa5c9afa77 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRoleSetting.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRoleSetting.Tests.ps1 @@ -44,6 +44,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgBetaRoleManagementDirectoryRoleDefinition -MockWith { return @{ DisplayName = 'User administrator' + Id = 'fe930be7-5e62-47db-91af-98c3a49a38b1' } } diff --git a/docs/docs/resources/azure-ad/AADApplication.md b/docs/docs/resources/azure-ad/AADApplication.md index 7224433224..905304b5cc 100644 --- a/docs/docs/resources/azure-ad/AADApplication.md +++ b/docs/docs/resources/azure-ad/AADApplication.md @@ -8,7 +8,7 @@ | **ObjectId** | Write | String | ObjectID of the app. | | | **AppId** | Write | String | AppId for the app. | | | **AvailableToOtherTenants** | Write | Boolean | Indicates whether this application is available in other tenants. | | -| **GroupMembershipClaims** | Write | String | A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects. The bitmask values are: 0: None, 1: Security groups and Azure AD roles, 2: Reserved, and 4: Reserved. Setting the bitmask to 7 will get all of the security groups, distribution groups, and Azure AD directory roles that the signed-in user is a member of. | | +| **GroupMembershipClaims** | Write | String | A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects. | | | **Homepage** | Write | String | The URL to the application's homepage. | | | **IdentifierUris** | Write | StringArray[] | User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain. | | | **IsFallbackPublicClient** | Write | Boolean | Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as web app. There are certain scenarios where Microsoft Entra ID cannot determine the client application type (for example, ROPC flow where it is configured without specifying a redirect URI). In those cases, Microsoft Entra ID will interpret the application type based on the value of this property. | | @@ -84,19 +84,20 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADApplication 'AADApp1' { DisplayName = "AppDisplayName" AvailableToOtherTenants = $false - GroupMembershipClaims = "0" - Homepage = "https://app.contoso.com" - IdentifierUris = "https://app.contoso.com" + GroupMembershipClaims = "None" + Homepage = "https://$Domain" + IdentifierUris = "https://$Domain" KnownClientApplications = "" - LogoutURL = "https://app.contoso.com/logout" + LogoutURL = "https://$Domain/logout" PublicClient = $false - ReplyURLs = "https://app.contoso.com" + ReplyURLs = "https://$Domain" Permissions = @( MSFT_AADApplicationPermission { @@ -142,19 +143,20 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADApplication 'AADApp1' { DisplayName = "AppDisplayName" AvailableToOtherTenants = $true # Updated Property - GroupMembershipClaims = "0" - Homepage = "https://app.contoso.com" - IdentifierUris = "https://app.contoso.com" + GroupMembershipClaims = "None" + Homepage = "https://$Domain" + IdentifierUris = "https://$Domain" KnownClientApplications = "" - LogoutURL = "https://app.contoso.com/logout" + LogoutURL = "https://$Domain/logout" PublicClient = $false - ReplyURLs = "https://app.contoso.com" + ReplyURLs = "https://$Domain" Permissions = @( MSFT_AADApplicationPermission { diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md index 1033682cb1..ddebf6dff2 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md @@ -126,17 +126,9 @@ Configuration Example Id = 'Legal Team' TargetType = 'group' } - MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Paralegals' - TargetType = 'group' - } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -144,10 +136,6 @@ Configuration Example State = 'default' } CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -155,10 +143,6 @@ Configuration Example State = 'default' } DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -208,20 +192,12 @@ Configuration Example Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Legal Team' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Paralegals' + Id = 'Finance Team' # Updated Property TargetType = 'group' } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -229,10 +205,6 @@ Configuration Example State = 'default' } CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -240,10 +212,6 @@ Configuration Example State = 'default' } DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -262,7 +230,7 @@ Configuration Example TargetType = 'group' } ); - IsSoftwareOathEnabled = $True; # Updated Property + IsSoftwareOathEnabled = $False; State = "enabled"; } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md index 6ccb4a78f0..23c2499d7c 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md @@ -105,7 +105,7 @@ Configuration Example Id = "TemporaryAccessPass"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'DSCGroup' + Id = 'Executives' TargetType = 'group' } ); @@ -151,7 +151,7 @@ Configuration Example Id = "TemporaryAccessPass"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'DSCGroup' + Id = 'Executives' TargetType = 'group' } ); diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md index 76071d519e..d7b1e36665 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md @@ -63,6 +63,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Id** | Write | String | The object identifier of an Azure AD group. | | +| **isRegistrationRequired** | Write | Boolean | Determines if the user is enforced to register the authentication method. | | | **TargetType** | Write | String | The type of the authentication method target. Possible values are: group and unknownFutureValue. | `group`, `unknownFutureValue` | @@ -119,9 +120,6 @@ Configuration Example AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ - - Rules = @(@() - ) X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' }; CertificateUserBindings = @( @@ -183,9 +181,6 @@ Configuration Example AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ - - Rules = @(@() - ) X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' }; CertificateUserBindings = @( @@ -220,7 +215,7 @@ Configuration Example TargetType = 'group' } ); - State = "disabled"; # Updated Property + State = "enabled"; } } } diff --git a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md index 50256488d8..e7a2deec08 100644 --- a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md +++ b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md @@ -8,6 +8,8 @@ | **Id** | Write | String | Specifies the GUID for the Policy. | | | **State** | Write | String | Specifies the State of the Policy. | `disabled`, `enabled`, `enabledForReportingButNotEnforced` | | **IncludeApplications** | Write | StringArray[] | Cloud Apps in scope of the Policy. | | +| **ApplicationsFilter** | Write | String | Rule syntax is similar to that used for membership rules for groups in Microsoft Entra ID. | | +| **ApplicationsFilterMode** | Write | String | Mode to use for the filter. Possible values are include or exclude. | `include`, `exclude` | | **ExcludeApplications** | Write | StringArray[] | Cloud Apps out of scope of the Policy. | | | **IncludeUserActions** | Write | StringArray[] | User Actions in scope of the Policy. | | | **IncludeUsers** | Write | StringArray[] | Users in scope of the Policy. | | diff --git a/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md b/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md index f14b0feb1b..d751a62886 100644 --- a/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md +++ b/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md @@ -142,9 +142,7 @@ Configuration Example ) } }; - ApplicationId = 'c6957111-b1a6-479c-a15c-73e01ceb3b99' - CertificateThumbprint = 'ACD01315A4EBA42CD2E18EEE443AA280CC0BAB8B' - TenantId = 'M365x35070558.onmicrosoft.com' + Credential = $credsCredential Ensure = "Present"; } } @@ -195,9 +193,7 @@ Configuration Example ) } }; - ApplicationId = 'c6957111-b1a6-479c-a15c-73e01ceb3b99' - CertificateThumbprint = 'ACD01315A4EBA42CD2E18EEE443AA280CC0BAB8B' - TenantId = 'M365x35070558.onmicrosoft.com' + Credential = $credsCredential Ensure = "Present"; } } diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md index 493a73dd6e..7920e3ad3e 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md @@ -190,9 +190,9 @@ Configuration Example node localhost { - AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignmentPolicyWithAccessReviewsSettings" + AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignments" { - AccessPackageId = "5d05114c-b4d9-4ae7-bda6-4bade48e60f2"; + AccessPackageId = "Integration Package"; AccessReviewSettings = MSFT_MicrosoftGraphassignmentreviewsettings{ IsEnabled = $True StartDateTime = '12/17/2022 23:59:59' @@ -214,17 +214,6 @@ Configuration Example IsApprovalRequired = $False IsApprovalRequiredForExtension = $False }; - RequestorSettings = MSFT_MicrosoftGraphrequestorsettings{ - AllowedRequestors = @( - MSFT_MicrosoftGraphuserset{ - IsBackup = $False - Id = 'e27eb9b9-27c3-462d-8d65-3bcd763b0ed0' - odataType = '#microsoft.graph.connectedOrganizationMembers' - } - ) - AcceptRequests = $True - ScopeType = 'SpecificConnectedOrganizationSubjects' - }; Ensure = "Present" Credential = $Credscredential } @@ -249,9 +238,9 @@ Configuration Example node localhost { - AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignmentPolicyWithAccessReviewsSettings" + AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignments" { - AccessPackageId = "5d05114c-b4d9-4ae7-bda6-4bade48e60f2"; + AccessPackageId = "Integration Package"; AccessReviewSettings = MSFT_MicrosoftGraphassignmentreviewsettings{ IsEnabled = $True StartDateTime = '12/17/2022 23:59:59' @@ -273,17 +262,6 @@ Configuration Example IsApprovalRequired = $False IsApprovalRequiredForExtension = $False }; - RequestorSettings = MSFT_MicrosoftGraphrequestorsettings{ - AllowedRequestors = @( - MSFT_MicrosoftGraphuserset{ - IsBackup = $False - Id = 'e27eb9b9-27c3-462d-8d65-3bcd763b0ed0' - odataType = '#microsoft.graph.connectedOrganizationMembers' - } - ) - AcceptRequests = $True - ScopeType = 'SpecificConnectedOrganizationSubjects' - }; Ensure = "Present" Credential = $Credscredential } diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md index 6a299016ac..9953d70bc2 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md @@ -70,9 +70,9 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' CatalogStatus = 'Published' - CatalogType = 'ServiceDefault' + CatalogType = 'UserManaged' Description = 'Built-in catalog.' IsExternallyVisible = $True Managedidentity = $False @@ -102,9 +102,9 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' CatalogStatus = 'Published' - CatalogType = 'ServiceDefault' + CatalogType = 'UserManaged' Description = 'Built-in catalog.' IsExternallyVisible = $False # Updated Property Managedidentity = $False diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md index ab7401ab7a..5570af13c9 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md @@ -145,20 +145,19 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { - DisplayName = 'Communication site' - AddedBy = 'admin@contoso.onmicrosoft.com' - AddedOn = '05/11/2022 16:21:15' - CatalogId = 'f34c2d92-9e9d-4703-ba9b-955b6ac8dcb3' - Description = 'https://contoso.sharepoint.com/' - IsPendingOnboarding = $False - OriginId = 'https://contoso.sharepoint.com/' + DisplayName = 'Human Resources' + CatalogId = 'My Catalog' + Description = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" + IsPendingOnboarding = $true + OriginId = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" OriginSystem = 'SharePointOnline' ResourceType = 'SharePoint Online Site' - Url = 'https://contoso.sharepoint.com/' + Url = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" Ensure = 'Present' Credential = $Credscredential } @@ -181,20 +180,19 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { - DisplayName = 'Communication site' - AddedBy = 'admin@contoso.onmicrosoft.com' - AddedOn = '05/11/2022 16:21:15' - CatalogId = 'f34c2d92-9e9d-4703-ba9b-955b6ac8dcb3' - Description = 'https://contoso.sharepoint.com/' - IsPendingOnboarding = $False # Updated Property - OriginId = 'https://contoso.sharepoint.com/' + DisplayName = 'Human Resources' + CatalogId = 'My Catalog' + Description = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" + IsPendingOnboarding = $false # Updated Property + OriginId = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" OriginSystem = 'SharePointOnline' ResourceType = 'SharePoint Online Site' - Url = 'https://contoso.sharepoint.com/' + Url = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" Ensure = 'Present' Credential = $Credscredential } diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md b/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md index c64c9d84a9..6c2914836d 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md @@ -80,21 +80,22 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' { Description = "this is the tenant partner"; DisplayName = "Test Tenant - DSC"; - ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); + ExternalSponsors = @("AdeleV@$Domain"); IdentitySources = @( MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ - ExternalTenantId = "12345678-1234-1234-1234-123456789012" - DisplayName = 'Contoso' + ExternalTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc" + DisplayName = 'o365dsc' odataType = '#microsoft.graph.azureActiveDirectoryTenant' } ); - InternalSponsors = @("12345678-1234-1234-1234-123456789012"); + InternalSponsors = @("AdeleV@$Domain"); State = "configured"; Ensure = "Present" Credential = $Credscredential @@ -118,21 +119,22 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' { - Description = "this is the tenant partner - Updated"; # Updated Property + Description = "This is the tenant partner - Updated"; # Updated Property DisplayName = "Test Tenant - DSC"; - ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); + ExternalSponsors = @("AdeleV@$Domain"); IdentitySources = @( MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ - ExternalTenantId = "12345678-1234-1234-1234-123456789012" - DisplayName = 'Contoso' + ExternalTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc" + DisplayName = 'o365dsc' odataType = '#microsoft.graph.azureActiveDirectoryTenant' } ); - InternalSponsors = @("12345678-1234-1234-1234-123456789012"); + InternalSponsors = @("AdeleV@$Domain"); State = "configured"; Ensure = "Present" Credential = $Credscredential diff --git a/docs/docs/resources/azure-ad/AADGroupOwnerConsentSettings.md b/docs/docs/resources/azure-ad/AADGroupOwnerConsentSettings.md new file mode 100644 index 0000000000..8c87bd96a1 --- /dev/null +++ b/docs/docs/resources/azure-ad/AADGroupOwnerConsentSettings.md @@ -0,0 +1,114 @@ +# AADGroupOwnerConsentSettings + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Only valid value is 'Yes'. | `Yes` | +| **EnableGroupSpecificConsent** | Write | Boolean | Flag indicating if groups owners are allowed to grant group specific permissions. | | +| **BlockUserConsentForRiskyApps** | Write | Boolean | Flag indicating if user consent will be blocked when a risky request is detected. Administrators will still be able to consent to apps considered risky. | | +| **EnableAdminConsentRequests** | Write | Boolean | Flag indicating if users will be able to request admin consent when they are unable to grant consent to an app themselves. | | +| **ConstrainGroupSpecificConsentToMembersOfGroupName** | Write | String | If EnableGroupSpecificConsent is set to “True” and this is set to a security group name, members (both direct and transitive) of the group identified will be authorized to grant group-specific permissions to the groups they own. | | +| **Ensure** | Write | String | Specify if the Azure AD Group Consent Settings should exist or not. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + + +# AADGroupOwnerConsentPolicySettings + +## Description + +Azure AD Group Owner Consent Settings + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Directory.Read.All, Group.Read.All + +- **Update** + + - Directory.ReadWrite.All, Policy.ReadWrite.Authorization + +#### Application permissions + +- **Read** + + - Directory.Read.All, Group.Read.All + +- **Update** + + - Directory.ReadWrite.All, Policy.ReadWrite.Authorization + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroupOwnerConsentSettings 'Example' + { + IsSingleInstance = "Yes" + EnableGroupSpecificConsent = $false + BlockUserConsentForRiskyApps = $true + EnableAdminConsentRequests = $false + #ConstrainGroupSpecificConsentToMembersOfGroupName = '' # value is only relevant if EnableGroupSpecificConsent is true. See example 2 + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroupOwnerConsentSettings 'Example' + { + IsSingleInstance = "Yes" + EnableGroupSpecificConsent = $true # prerequisite for specifying a constraining group + ConstrainGroupSpecificConsentToMembersOfGroupName = 'Group-Vetted-GroupOwners' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADNamedLocationPolicy.md b/docs/docs/resources/azure-ad/AADNamedLocationPolicy.md index f43ace7898..376795d4d9 100644 --- a/docs/docs/resources/azure-ad/AADNamedLocationPolicy.md +++ b/docs/docs/resources/azure-ad/AADNamedLocationPolicy.md @@ -73,7 +73,7 @@ Configuration Example { DisplayName = "Company Network" IpRanges = @("2.1.1.1/32", "1.2.2.2/32") - IsTrusted = $True + IsTrusted = $False OdataType = "#microsoft.graph.ipNamedLocation" Ensure = "Present" Credential = $Credscredential @@ -102,8 +102,8 @@ Configuration Example AADNamedLocationPolicy 'CompanyNetwork' { DisplayName = "Company Network" - IpRanges = @("2.1.1.1/32", "1.2.2.2/32") - IsTrusted = $False # Updated Property + IpRanges = @("2.1.1.1/32") # Updated Property + IsTrusted = $False OdataType = "#microsoft.graph.ipNamedLocation" Ensure = "Present" Credential = $Credscredential diff --git a/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md b/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md index ef5191b080..31ca7a5d40 100644 --- a/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md +++ b/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md @@ -137,6 +137,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADRoleEligibilityScheduleRequest "MyRequest" @@ -146,7 +147,7 @@ Configuration Example DirectoryScopeId = "/"; Ensure = "Present"; IsValidationOnly = $False; - Principal = "John.Smith@$OrganizationName"; + Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { startDateTime = '2023-09-01T02:40:44Z' @@ -178,6 +179,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADRoleEligibilityScheduleRequest "MyRequest" @@ -187,7 +189,7 @@ Configuration Example DirectoryScopeId = "/"; Ensure = "Present"; IsValidationOnly = $True; # Updated Property - Principal = "John.Smith@$OrganizationName"; + Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { startDateTime = '2023-09-01T02:40:44Z' diff --git a/docs/docs/resources/azure-ad/AADRoleSetting.md b/docs/docs/resources/azure-ad/AADRoleSetting.md index 4ce54475f7..c666d97328 100644 --- a/docs/docs/resources/azure-ad/AADRoleSetting.md +++ b/docs/docs/resources/azure-ad/AADRoleSetting.md @@ -91,71 +91,6 @@ To authenticate with the Microsoft Graph API, this resource required the followi This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. -```powershell -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADRoleSetting 28b253d8-cde5-471f-a331-fe7320023cdd - { - ActivateApprover = @(); - ActivationMaxDuration = "PT8H"; - ActivationReqJustification = $True; - ActivationReqMFA = $False; - ActivationReqTicket = $False; - ActiveAlertNotificationAdditionalRecipient = @(); - ActiveAlertNotificationDefaultRecipient = $True; - ActiveAlertNotificationOnlyCritical = $False; - ActiveApproveNotificationAdditionalRecipient = @(); - ActiveApproveNotificationDefaultRecipient = $True; - ActiveApproveNotificationOnlyCritical = $False; - ActiveAssigneeNotificationAdditionalRecipient = @(); - ActiveAssigneeNotificationDefaultRecipient = $True; - ActiveAssigneeNotificationOnlyCritical = $False; - ApprovaltoActivate = $False; - AssignmentReqJustification = $True; - AssignmentReqMFA = $False; - Displayname = "Application Administrator"; - ElegibilityAssignmentReqJustification = $False; - ElegibilityAssignmentReqMFA = $False; - EligibleAlertNotificationAdditionalRecipient = @(); - EligibleAlertNotificationDefaultRecipient = $True; - EligibleAlertNotificationOnlyCritical = $False; - EligibleApproveNotificationAdditionalRecipient = @(); - EligibleApproveNotificationDefaultRecipient = $True; - EligibleApproveNotificationOnlyCritical = $False; - EligibleAssigneeNotificationAdditionalRecipient = @(); - EligibleAssigneeNotificationDefaultRecipient = $True; - EligibleAssigneeNotificationOnlyCritical = $False; - EligibleAssignmentAlertNotificationAdditionalRecipient = @(); - EligibleAssignmentAlertNotificationDefaultRecipient = $True; - EligibleAssignmentAlertNotificationOnlyCritical = $False; - EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); - EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; - EligibleAssignmentAssigneeNotificationOnlyCritical = $False; - ExpireActiveAssignment = "P180D"; - ExpireEligibleAssignment = "P365D"; - PermanentActiveAssignmentisExpirationRequired = $False; - PermanentEligibleAssignmentisExpirationRequired = $False; - Credential = $Credscredential - Ensure = 'Present' - } - } -} -``` - -### Example 2 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - ```powershell Configuration Example { @@ -216,7 +151,7 @@ Configuration Example } ``` -### Example 3 +### Example 2 This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. diff --git a/docs/docs/resources/azure-ad/AADServicePrincipal.md b/docs/docs/resources/azure-ad/AADServicePrincipal.md index f5c4d6c8ae..6b31571f6c 100644 --- a/docs/docs/resources/azure-ad/AADServicePrincipal.md +++ b/docs/docs/resources/azure-ad/AADServicePrincipal.md @@ -84,22 +84,19 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" + AppId = 'AppDisplayName' + DisplayName = "AppDisplayName" AlternativeNames = "AlternativeName1","AlternativeName2" AccountEnabled = $true AppRoleAssignmentRequired = $false - ErrorUrl = "" - Homepage = "https://AADAppName.contoso.com" - LogoutUrl = "https://AADAppName.contoso.com/logout" - PublisherName = "Contoso" - ReplyURLs = "https://AADAppName.contoso.com" - SamlMetadataURL = "" - ServicePrincipalNames = "", "https://AADAppName.contoso.com" + Homepage = "https://$Domain" + LogoutUrl = "https://$Domain/logout" + ReplyURLs = "https://$Domain" ServicePrincipalType = "Application" Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" Ensure = "Present" @@ -124,22 +121,19 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" - AlternativeNames = "AlternativeName1","AlternativeName2" + AppId = 'AppDisplayName' + DisplayName = "AppDisplayName" + AlternativeNames = "AlternativeName1","AlternativeName3" # Updated Property AccountEnabled = $true - AppRoleAssignmentRequired = $true # Updated Property - ErrorUrl = "" - Homepage = "https://AADAppName.contoso.com" - LogoutUrl = "https://AADAppName.contoso.com/logout" - PublisherName = "Contoso" - ReplyURLs = "https://AADAppName.contoso.com" - SamlMetadataURL = "" - ServicePrincipalNames = "", "https://AADAppName.contoso.com" + AppRoleAssignmentRequired = $false + Homepage = "https://$Domain" + LogoutUrl = "https://$Domain/logout" + ReplyURLs = "https://$Domain" ServicePrincipalType = "Application" Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" Ensure = "Present" diff --git a/docs/docs/resources/azure-ad/AADUser.md b/docs/docs/resources/azure-ad/AADUser.md index 4d5ef9b418..0153626464 100644 --- a/docs/docs/resources/azure-ad/AADUser.md +++ b/docs/docs/resources/azure-ad/AADUser.md @@ -85,19 +85,18 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { - $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@$Organization" + UserPrincipalName = "John.Smith@$Domain" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" City = "Gatineau" Country = "Canada" Office = "Ottawa - Queen" - LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM") UsageLocation = "US" Ensure = "Present" Credential = $Credscredential @@ -121,19 +120,18 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { - $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@$Organization" + UserPrincipalName = "John.Smith@$Domain" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" City = "Ottawa" # Updated Country = "Canada" Office = "Ottawa - Queen" - LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM") UsageLocation = "US" Ensure = "Present" Credential = $Credscredential @@ -157,12 +155,12 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { - $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@$Organization" + UserPrincipalName = "John.Smith@$Domain" Ensure = "Absent" Credential = $Credscredential } diff --git a/docs/docs/resources/exchange/EXOMailContact.md b/docs/docs/resources/exchange/EXOMailContact.md index 5266f130b1..e7cc1779c4 100644 --- a/docs/docs/resources/exchange/EXOMailContact.md +++ b/docs/docs/resources/exchange/EXOMailContact.md @@ -19,6 +19,26 @@ | **OrganizationalUnit** | Write | String | The OrganizationalUnit parameter specifies the location in Active Directory where the new contact is created. | | | **SendModerationNotifications** | Write | String | The SendModerationNotifications parameter specifies when moderation notification messages are sent. Valid values are: ALways, Internal, Never | `Always`, `Internal`, `Never` | | **UsePreferMessageFormat** | Write | Boolean | The UsePreferMessageFormat specifies whether the message format settings configured for the mail user or mail contact override the global settings configured for the remote domain or configured by the message sender | | +| **CustomAttribute1** | Write | String | The CustomAttribute1 parameter specifies the value of the CustomAttribute1 | | +| **CustomAttribute2** | Write | String | The CustomAttribute2 parameter specifies the value of the CustomAttribute2 | | +| **CustomAttribute3** | Write | String | The CustomAttribute3 parameter specifies the value of the CustomAttribute3 | | +| **CustomAttribute4** | Write | String | The CustomAttribute4 parameter specifies the value of the CustomAttribute4 | | +| **CustomAttribute5** | Write | String | The CustomAttribute5 parameter specifies the value of the CustomAttribute5 | | +| **CustomAttribute6** | Write | String | The CustomAttribute6 parameter specifies the value of the CustomAttribute6 | | +| **CustomAttribute7** | Write | String | The CustomAttribute7 parameter specifies the value of the CustomAttribute7 | | +| **CustomAttribute8** | Write | String | The CustomAttribute8 parameter specifies the value of the CustomAttribute8 | | +| **CustomAttribute9** | Write | String | The CustomAttribute9 parameter specifies the value of the CustomAttribute9 | | +| **CustomAttribute10** | Write | String | The CustomAttribute10 parameter specifies the value of the CustomAttribute10 | | +| **CustomAttribute11** | Write | String | The CustomAttribute11 parameter specifies the value of the CustomAttribute11 | | +| **CustomAttribute12** | Write | String | The CustomAttribute12 parameter specifies the value of the CustomAttribute12 | | +| **CustomAttribute13** | Write | String | The CustomAttribute13 parameter specifies the value of the CustomAttribute13 | | +| **CustomAttribute14** | Write | String | The CustomAttribute14 parameter specifies the value of the CustomAttribute14 | | +| **CustomAttribute15** | Write | String | The CustomAttribute15 parameter specifies the value of the CustomAttribute15 | | +| **ExtensionCustomAttribute1** | Write | StringArray[] | The ExtensionCustomAttribute1 parameter specifies the value of the ExtensionCustomAttribute1 | | +| **ExtensionCustomAttribute2** | Write | StringArray[] | The ExtensionCustomAttribute2 parameter specifies the value of the ExtensionCustomAttribute2 | | +| **ExtensionCustomAttribute3** | Write | StringArray[] | The ExtensionCustomAttribute3 parameter specifies the value of the ExtensionCustomAttribute3 | | +| **ExtensionCustomAttribute4** | Write | StringArray[] | The ExtensionCustomAttribute4 parameter specifies the value of the ExtensionCustomAttribute4 | | +| **ExtensionCustomAttribute5** | Write | StringArray[] | The ExtensionCustomAttribute5 parameter specifies the value of the ExtensionCustomAttribute5 | | | **Ensure** | Write | String | Specifies if this Contact should exist. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | @@ -61,7 +81,7 @@ Configuration Example param( [Parameter(Mandatory = $true)] [PSCredential] - $credsCredential + $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC @@ -69,20 +89,22 @@ Configuration Example { EXOMailContact 'TestMailContact' { - Alias = "TestMailContact"; - Credential = $Credscredential; - DisplayName = "My Test Contact"; - Ensure = "Present"; - ExternalEmailAddress = "SMTP:test@tailspintoys.com"; - MacAttachmentFormat = "BinHex"; - MessageBodyFormat = "TextAndHtml"; - MessageFormat = "Mime"; - ModeratedBy = @(); - ModerationEnabled = $False; - Name = "My Test Contact"; - OrganizationalUnit = "nampr03a010.prod.outlook.com/Microsoft Exchange Hosted Organizations/$OrganizationName"; - SendModerationNotifications = "Always"; - UsePreferMessageFormat = $True; + Alias = 'TestMailContact' + Credential = $Credscredential + DisplayName = 'My Test Contact' + Ensure = 'Present' + ExternalEmailAddress = 'SMTP:test@tailspintoys.com' + MacAttachmentFormat = 'BinHex' + MessageBodyFormat = 'TextAndHtml' + MessageFormat = 'Mime' + ModeratedBy = @() + ModerationEnabled = $false + Name = 'My Test Contact' + OrganizationalUnit = "nampr03a010.prod.outlook.com/Microsoft Exchange Hosted Organizations/$OrganizationName" + SendModerationNotifications = 'Always' + UsePreferMessageFormat = $true + CustomAttribute1 = 'Custom Value 1' + ExtensionCustomAttribute5 = 'Extension Custom Value 1', 'Extension Custom Value 2' } } } diff --git a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md index 2ca9d67bb4..2dbbf71950 100644 --- a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md +++ b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md @@ -6,7 +6,7 @@ | --- | --- | --- | --- | --- | | **Name** | Key | String | Name of the Rule. | | | **Policy** | Required | String | Name of the associated DLP Compliance Policy. | | -| **AccessScope** | Write | StringArray[] | The AccessScope parameter specifies a condition for the DLP rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope. | `InOrganization`, `NotInOrganization`, `None` | +| **AccessScope** | Write | String | The AccessScope parameter specifies a condition for the DLP rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope. | `InOrganization`, `NotInOrganization`, `None` | | **BlockAccess** | Write | Boolean | The BlockAccess parameter specifies an action for the DLP rule that blocks access to the source item when the conditions of the rule are met. $true: Blocks further access to the source item that matched the rule. The owner, author, and site owner can still access the item. $false: Allows access to the source item that matched the rule. This is the default value. | | | **BlockAccessScope** | Write | String | The BlockAccessScope parameter specifies the scope of the block access action. | `All`, `PerUser` | | **Comment** | Write | String | The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks. | |