Merge pull request #4719 from microsoft/Dev

Release 1.24.529.1

CHANGELOG.md

@@ -1,5 +1,32 @@
 # Change log for Microsoft365DSC
 
+# 1.24.529.1
+
+* AADAdministrativeUnit
+  * Implemented advanced query based on
+    https://learn.microsoft.com/en-us/graph/aad-advanced-queries?tabs=http#administrative-unit-properties
+* AADAuthenticationMethodPolicy
+  * Add support for disabled policies
+* AADConditionalAccessPolicy
+  * Fix get method if value is null instead of false
+* IntuneAppConfigurationDevicePolicy
+  * Initial release
+* IntuneDeviceRemediation
+  * Added support for Access Tokens
+* IntuneDiskEncryptionMacOS
+  * Initial Release
+* IntuneSettingCatalogASRRulesPolicyWindows10
+  * Add missing properties
+    FIXES [#4713](https://github.com/microsoft/Microsoft365DSC/issues/4713)
+* O365AdminAuditLogConfig
+  * Fix logging of exception if Set-AdminAuditLogConfig fails
+    FIXES [#4645](https://github.com/microsoft/Microsoft365DSC/issues/4645)
+* ResourceGenerator
+  * Added `AccessTokens` parameter to PS1 and MOF template
+* DEPENDENCIES
+  * Updated DSCParser to version 2.0.0.5.
+  * Rolling back ExchangeOnlineManagement to version 3.4.0.
+
 # 1.24.522.1
 
 * IntuneDeviceConfigurationPlatformScriptWindows
@@ -9,16 +36,16 @@
   * Initial Release
   FIXES [#4157](https://github.com/microsoft/Microsoft365DSC/issues/4157)
 * IntuneDeviceEnrollmentPlatformRestriction
-  * Fix missing export of the default policy  
+  * Fix missing export of the default policy
   FIXES [#4694](https://github.com/microsoft/Microsoft365DSC/issues/4694)
 * IntuneDeviceEnrollmentStatusPageWindows10
   * Return all authentication methods when retrieving the policies otherwise
     it may fail deducing the OrganizationName via TenantId
 * IntuneDeviceRemediation
-  * Initial Release  
+  * Initial Release
     FIXES [#4159](https://github.com/microsoft/Microsoft365DSC/issues/4159)
 * IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10
-  * Initial Release  
+  * Initial Release
     FIXES [#3747](https://github.com/microsoft/Microsoft365DSC/issues/3747)
 * SPOTenantCdnPolicy
   * If properties in the tenant are empty then export them as empty arrays

Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1

@@ -1010,7 +1010,51 @@ function Export-TargetResource
     {
         $Script:ExportMode = $true
         #region resource generator code
-        [array] $Script:exportedInstances = Get-MgBetaDirectoryAdministrativeUnit -Filter $Filter -All:$true -ErrorAction Stop
+        $ExportParameters = @{
+            Filter      = $Filter
+            All         = [switch]$true
+            ErrorAction = 'Stop'
+        }
+        $queryTypes = @{
+                        'eq' = @('description')
+                        'startsWith' = @('description')
+                        'eq null' = @(
+                            'description',
+                            'displayName'
+                            )
+        }
+
+        #extract arguments from the query
+        # Define the regex pattern to match all words in the query
+        $pattern = "([^\s,()]+)"
+        $query = $Filter
+
+        # Match all words in the query
+        $matches = [regex]::matches($query, $pattern)
+
+        # Extract the matched argument into an array
+        $arguments = @()
+        foreach ($match in $matches) {
+        $arguments += $match.Value
+        }
+
+        #extracting keys to check vs arguments in the filter
+        $Keys = $queryTypes.Keys
+
+        $matchedKey = $arguments | Where-Object { $_ -in $Keys }
+        $matchedProperty = $arguments | Where-Object { $_ -in $queryTypes[$matchedKey]}
+        if ($matchedProperty -and $matchedKey) {
+            $allConditionsMatched = $true
+        }
+
+        # If all conditions match the support, add parameters to $ExportParameters
+        if ($allConditionsMatched -or $Filter -like '*endsWith*')
+        {
+            $ExportParameters.Add('CountVariable', 'count')
+            $ExportParameters.Add('headers', @{"ConsistencyLevel" = "Eventual"})
+        }
+
+        [array] $Script:exportedInstances = Get-MgBetaDirectoryAdministrativeUnit @ExportParameters
         #endregion
 
         $i = 1

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1

@@ -90,7 +90,7 @@ function Get-TargetResource
         $getValue = Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $Id -ErrorAction SilentlyContinue
 
         #endregion
-        if ($null -eq $getValue -or $getValue.State -eq 'disabled')
+        if ($null -eq $getValue)
         {
             Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Authenticator with id {$id}"
             return $nullResult

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyEmail/MSFT_AADAuthenticationMethodPolicyEmail.psm1

@@ -88,7 +88,7 @@ function Get-TargetResource
         $getValue = Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $Id -ErrorAction SilentlyContinue
 
         #endregion
-        if ($null -eq $getValue -or $getValue.State -eq 'disabled')
+        if ($null -eq $getValue)
         {
             Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Email with id {$id}"
             return $nullResult

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.psm1

@@ -95,7 +95,7 @@ function Get-TargetResource
         $getValue = Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $Id -ErrorAction SilentlyContinue
 
         #endregion
-        if ($null -eq $getValue -or $getValue.State -eq 'disabled')
+        if ($null -eq $getValue)
         {
             Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Fido2 with id {$id}"
             return $nullResult

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySms/MSFT_AADAuthenticationMethodPolicySms.psm1

@@ -83,7 +83,7 @@ function Get-TargetResource
         $getValue = Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $Id -ErrorAction SilentlyContinue
 
         #endregion
-        if ($null -eq $getValue -or $getValue.State -eq 'disabled')
+        if ($null -eq $getValue)
         {
             Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Sms with id {$id}"
             return $nullResult

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicySoftware/MSFT_AADAuthenticationMethodPolicySoftware.psm1

@@ -83,7 +83,7 @@ function Get-TargetResource
         $getValue = Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $Id -ErrorAction SilentlyContinue
 
         #endregion
-        if ($null -eq $getValue -or $getValue.State -eq 'disabled')
+        if ($null -eq $getValue)
         {
             Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Software with id {$id}"
             return $nullResult

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1

@@ -103,7 +103,7 @@ function Get-TargetResource
         $getValue = Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $Id -ErrorAction SilentlyContinue
 
         #endregion
-        if ($null -eq $getValue -or $getValue.State -eq 'disabled')
+        if ($null -eq $getValue)
         {
             Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Temporary"
             return $nullResult

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyVoice/MSFT_AADAuthenticationMethodPolicyVoice.psm1

@@ -87,7 +87,7 @@ function Get-TargetResource
         $getValue = Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $Id -ErrorAction SilentlyContinue
 
         #endregion
-        if ($null -eq $getValue -or $getValue.State -eq 'disabled')
+        if ($null -eq $getValue)
         {
             Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Voice with id {$id}"
             return $nullResult

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1

@@ -88,7 +88,7 @@ function Get-TargetResource
         $getValue = Get-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $Id -ErrorAction SilentlyContinue
 
         #endregion
-        if ($null -eq $getValue -or $getValue.State -eq 'disabled')
+        if ($null -eq $getValue)
         {
             Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy X509 with id {$id}"
             return $nullResult

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1

@@ -661,20 +661,20 @@ function Get-TargetResource
         BuiltInControls                          = [System.String[]](@() + $Policy.GrantControls.BuiltInControls)
         CustomAuthenticationFactors              = [System.String[]](@() + $Policy.GrantControls.CustomAuthenticationFactors)
         #no translation needed, return empty string array if undefined
-        ApplicationEnforcedRestrictionsIsEnabled = $Policy.SessionControls.ApplicationEnforcedRestrictions.IsEnabled
+        ApplicationEnforcedRestrictionsIsEnabled = $false -or $Policy.SessionControls.ApplicationEnforcedRestrictions.IsEnabled
         #make false if undefined, true if true
-        CloudAppSecurityIsEnabled                = $Policy.SessionControls.CloudAppSecurity.IsEnabled
+        CloudAppSecurityIsEnabled                = $false -or $Policy.SessionControls.CloudAppSecurity.IsEnabled
         #make false if undefined, true if true
         CloudAppSecurityType                     = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType
         #no translation needed, return empty string array if undefined
-        SignInFrequencyIsEnabled                 = $Policy.SessionControls.SignInFrequency.IsEnabled
+        SignInFrequencyIsEnabled                 = $false -or $Policy.SessionControls.SignInFrequency.IsEnabled
         #make false if undefined, true if true
         SignInFrequencyValue                     = $Policy.SessionControls.SignInFrequency.Value
         #no translation or conversion needed, $null returned if undefined
         SignInFrequencyType                      = [System.String]$Policy.SessionControls.SignInFrequency.Type
         SignInFrequencyInterval                  = $SignInFrequencyIntervalValue
         #no translation needed
-        PersistentBrowserIsEnabled               = $Policy.SessionControls.PersistentBrowser.IsEnabled
+        PersistentBrowserIsEnabled               = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled
         #make false if undefined, true if true
         PersistentBrowserMode                    = [System.String]$Policy.SessionControls.PersistentBrowser.Mode
         #no translation needed

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAcceptedDomain/MSFT_EXOAcceptedDomain.psm1

@@ -60,9 +60,6 @@ function Get-TargetResource
         $AccessTokens
     )
     Write-Verbose -Message "Getting configuration of Accepted Domain for $Identity"
-    Write-Verbose -Message "Access: $($AccessTokens | Out-String)"
-
-    Write-Verbose -Message "Tenant: $($TenantId | Out-String)"
 
     if ($Global:CurrentModeIsExport)
     {