From 59ebca1f4b067e7d0e6e9ad38601305686ea7303 Mon Sep 17 00:00:00 2001 From: Julius Rauschen Date: Mon, 10 Feb 2025 15:18:55 +0100 Subject: [PATCH 01/35] Add new properties --- CHANGELOG.md | 2 + .../MSFT_SPOTenantSettings.psm1 | 227 +++++++++++++++++- .../MSFT_SPOTenantSettings.schema.mof | 10 + 3 files changed, 238 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c12965902..b7f0665df7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ * EXORetentionPolicyTag * Initial release. +* SPOTenantSettings + * Add EnableAzureADB2BIntegration, SharingCapability, OneDriveSharingCapability, PreventExternalUsersFromResharing, SharingDomainRestrictionMode, SharingAllowedDomainList, DefaultSharingLinkType, ExternalUserExpirationRequired, ExternalUserExpireInDays, DefaultLinkPermission properties # 1.25.205.1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 index cdc32fb589..47333e2018 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 
@@ -9,6 +9,51 @@ function Get-TargetResource [String] $IsSingleInstance, + [Parameter()] + [System.Boolean] + $EnableAzureADB2BIntegration, + + [Parameter()] + [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] + [System.String] + $SharingCapability, + + [Parameter()] + [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] + [System.String] + $OneDriveSharingCapability, + + [Parameter()] + [System.Boolean] + $PreventExternalUsersFromResharing, + + [Parameter()] + [ValidateSet('None', 'AllowList', 'BlockList')] + [System.String] + $SharingDomainRestrictionMode, + + [Parameter()] + [System.String] + $SharingAllowedDomainList, + + [Parameter()] + [ValidateSet('None', 'Direct', 'Internal', 'AnonymousAccess')] + [System.String] + $DefaultSharingLinkType, + + [Parameter()] + [System.Boolean] + $ExternalUserExpirationRequired, + + [Parameter()] + [System.UInt32] + $ExternalUserExpireInDays, + + [Parameter()] + [ValidateSet('None', 'View', 'Edit', 'Review', 'RestrictedView')] + [System.String] + $DefaultLinkPermission, + [Parameter()] [System.UInt32] $MinCompatibilityLevel, @@ -209,7 +254,17 @@ function Get-TargetResource 'AllowSelectSGsInODBListInTenant', 'DenySelectSGsInODBListInTenant', 'DenySelectSecurityGroupsInSPSitesList', - 'AllowSelectSecurityGroupsInSPSitesList') + 'AllowSelectSecurityGroupsInSPSitesList', + 'EnableAzureADB2BIntegration', + 'SharingCapability', + 'OneDriveSharingCapability', + 'PreventExternalUsersFromResharing', + 'SharingDomainRestrictionMode', + 'SharingAllowedDomainList', + 'DefaultSharingLinkType', + 'ExternalUserExpirationRequired', + 'ExternalUserExpireInDays', + 'DefaultLinkPermission') $response = Invoke-PnPSPRestMethod -Method Get ` -Url "$((Get-MSCloudLoginConnectionProfile -Workload PnP).AdminUrl)/_api/SPO.Tenant?`$select=$($parametersToRetrieve -join ',')" 
@@ -222,6 +277,16 @@ function Get-TargetResource DenySelectSGsInODBListInTenant = $response.DenySelectSGsInODBListInTenant DenySelectSecurityGroupsInSPSitesList = $response.DenySelectSecurityGroupsInSPSitesList AllowSelectSecurityGroupsInSPSitesList = $response.AllowSelectSecurityGroupsInSPSitesList + EnableAzureADB2BIntegration = $response.EnableAzureADB2BIntegration + SharingCapability = $response.SharingCapability + OneDriveSharingCapability = $response.OneDriveSharingCapability + PreventExternalUsersFromResharing = $response.PreventExternalUsersFromResharing + SharingDomainRestrictionMode = $response.SharingDomainRestrictionMode + SharingAllowedDomainList = $response.SharingAllowedDomainList + DefaultSharingLinkType = $response.DefaultSharingLinkType + ExternalUserExpirationRequired = $response.ExternalUserExpirationRequired + ExternalUserExpireInDays = $response.ExternalUserExpireInDays + DefaultLinkPermission = $response.DefaultLinkPermission MinCompatibilityLevel = $MinCompat MaxCompatibilityLevel = $MaxCompat SearchResolveExactEmailOrUPN = $SPOTenantSettings.SearchResolveExactEmailOrUPN 
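Review bot: The ten new hashtable entries copy `$response.<Property>` into the result with no mapping, while the matching parameters are declared with string `ValidateSet`s (`SharingCapability`, `OneDriveSharingCapability`, `SharingDomainRestrictionMode`, `DefaultSharingLinkType`, `DefaultLinkPermission`). If the `SPO.Tenant` REST endpoint returns these enum settings as numbers rather than names (worth confirming against a live response), Test-TargetResource would never match the desired string and every run would report drift on the external-sharing settings. Translating the value before the assignment, with a comment such as `# REST returns the enum as a number; map it to the name used by ValidateSet`, would make the comparison reliable. Get-TargetResource starts and ends outside this hunk.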
@@ -283,6 +348,51 @@ function Set-TargetResource [String] $IsSingleInstance, + [Parameter()] + [System.Boolean] + $EnableAzureADB2BIntegration, + + [Parameter()] + [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] + [System.String] + $SharingCapability, + + [Parameter()] + [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] + [System.String] + $OneDriveSharingCapability, + + [Parameter()] + [System.Boolean] + $PreventExternalUsersFromResharing, + + [Parameter()] + [ValidateSet('None', 'AllowList', 'BlockList')] + [System.String] + $SharingDomainRestrictionMode, + + [Parameter()] + [System.String] + $SharingAllowedDomainList, + + [Parameter()] + [ValidateSet('None', 'Direct', 'Internal', 'AnonymousAccess')] + [System.String] + $DefaultSharingLinkType, + + [Parameter()] + [System.Boolean] + $ExternalUserExpirationRequired, + + [Parameter()] + [System.UInt32] + $ExternalUserExpireInDays, + + [Parameter()] + [ValidateSet('None', 'View', 'Edit', 'Review', 'RestrictedView')] + [System.String] + $DefaultLinkPermission, + [Parameter()] [System.UInt32] $MinCompatibilityLevel, 
@@ -476,6 +586,16 @@ function Set-TargetResource $CurrentParameters.Remove('DenySelectSGsInODBListInTenant') | Out-Null $CurrentParameters.Remove('DenySelectSecurityGroupsInSPSitesList') | Out-Null $CurrentParameters.Remove('AllowSelectSecurityGroupsInSPSitesList') | Out-Null + $CurrentParameters.Remove('EnableAzureADB2BIntegration') | Out-Null + $CurrentParameters.Remove('OneDriveSharingCapability') | Out-Null + $CurrentParameters.Remove('PreventExternalUsersFromResharing') | Out-Null + $CurrentParameters.Remove('SharingDomainRestrictionMode') | Out-Null + $CurrentParameters.Remove('SharingAllowedDomainList') | Out-Null + $CurrentParameters.Remove('DefaultSharingLinkType') | Out-Null + $CurrentParameters.Remove('ExternalUserExpireInDays') | Out-Null + $CurrentParameters.Remove('ExternalUserExpirationRequired') | Out-Null + $CurrentParameters.Remove('ExternalUserExpireInDays') | Out-Null + $CurrentParameters.Remove('DefaultLinkPermission') | Out-Null $CurrentParameters.Remove('TenantDefaultTimezone') | Out-Null # this one is updated separately using Graph if ($CurrentParameters.Keys.Contains('UserVoiceForFeedbackEnabled')) 
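Review bot: `SharingCapability` is missing from the new `$CurrentParameters.Remove(...)` lines and `ExternalUserExpireInDays` is removed twice, which looks like a copy-paste slip. Every other property added by this commit is stripped here and sent through `$paramsToUpdate` instead, so `SharingCapability` would presumably stay in `$CurrentParameters` and be applied through both paths; how `$CurrentParameters` is consumed is outside the hunk. Replace the second `$CurrentParameters.Remove('ExternalUserExpireInDays') | Out-Null` with `$CurrentParameters.Remove('SharingCapability') | Out-Null`.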
@@ -532,6 +652,66 @@ function Set-TargetResource $paramsToUpdate.Add('AllowSelectSecurityGroupsInSPSitesList', $AllowSelectSecurityGroupsInSPSitesList) } + if ($null -ne $EnableAzureADB2BIntegration) + { + $needToUpdate = $true + $paramsToUpdate.Add('EnableAzureADB2BIntegration', $EnableAzureADB2BIntegration) + } + + if ($null -ne $SharingCapability) + { + $needToUpdate = $true + $paramsToUpdate.Add('SharingCapability', $SharingCapability) + } + + if ($null -ne $OneDriveSharingCapability) + { + $needToUpdate = $true + $paramsToUpdate.Add('OneDriveSharingCapability', $OneDriveSharingCapability) + } + + if ($null -ne $PreventExternalUsersFromResharing) + { + $needToUpdate = $true + $paramsToUpdate.Add('PreventExternalUsersFromResharing', $PreventExternalUsersFromResharing) + } + + if ($null -ne $SharingDomainRestrictionMode) + { + $needToUpdate = $true + $paramsToUpdate.Add('SharingDomainRestrictionMode', $SharingDomainRestrictionMode) + } + + if ($null -ne $SharingAllowedDomainList) + { + $needToUpdate = $true + $paramsToUpdate.Add('SharingAllowedDomainList', $SharingAllowedDomainList) + } + + if ($null -ne $DefaultSharingLinkType) + { + $needToUpdate = $true + $paramsToUpdate.Add('DefaultSharingLinkType', $DefaultSharingLinkType) + } + + if ($null -ne $ExternalUserExpirationRequired) + { + $needToUpdate = $true + $paramsToUpdate.Add('ExternalUserExpirationRequired', $ExternalUserExpirationRequired) + } + + if ($null -ne $ExternalUserExpireInDays) + { + $needToUpdate = $true + $paramsToUpdate.Add('ExternalUserExpireInDays', $ExternalUserExpireInDays) + } + + if ($null -ne $DefaultLinkPermission) + { + $needToUpdate = $true + $paramsToUpdate.Add('DefaultLinkPermission', $DefaultLinkPermission) + } + if ($needToUpdate) { Write-Verbose -Message 'Updating properties via REST PATCH call.' 
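Review bot: The `$null -ne $...` guards added here are always true for these parameters, because Set-TargetResource declares them as `[System.Boolean]`, `[System.UInt32]` and `[System.String]`, and PowerShell gives an unbound parameter of those types `$false`, `0` or an empty string, never `$null`. A configuration that omits `PreventExternalUsersFromResharing` or `ExternalUserExpirationRequired` would therefore still send `$false` in the PATCH and could silently loosen the tenant's external-sharing posture. Test for presence instead, e.g. `if ($PSBoundParameters.ContainsKey('PreventExternalUsersFromResharing'))`, and record that result before the `$CurrentParameters.Remove(...)` calls in case `$CurrentParameters` refers to the same dictionary (its assignment is outside the hunk). The checks for `EnableAzureADB2BIntegration` and `OneDriveSharingCapability` that PATCH 02/35 keeps have the same shape. The function body starts and ends outside this hunk.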
@@ -564,6 +744,51 @@ function Test-TargetResource [String] $IsSingleInstance, + [Parameter()] + [System.Boolean] + $EnableAzureADB2BIntegration, + + [Parameter()] + [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] + [System.String] + $SharingCapability, + + [Parameter()] + [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] + [System.String] + $OneDriveSharingCapability, + + [Parameter()] + [System.Boolean] + $PreventExternalUsersFromResharing, + + [Parameter()] + [ValidateSet('None', 'AllowList', 'BlockList')] + [System.String] + $SharingDomainRestrictionMode, + + [Parameter()] + [System.String] + $SharingAllowedDomainList, + + [Parameter()] + [ValidateSet('None', 'Direct', 'Internal', 'AnonymousAccess')] + [System.String] + $DefaultSharingLinkType, + + [Parameter()] + [System.Boolean] + $ExternalUserExpirationRequired, + + [Parameter()] + [System.UInt32] + $ExternalUserExpireInDays, + + [Parameter()] + [ValidateSet('None', 'View', 'Edit', 'Review', 'RestrictedView')] + [System.String] + $DefaultLinkPermission, + [Parameter()] [System.UInt32] $MinCompatibilityLevel, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof index 9f9fca89d5..6f17b7f04d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof 
@@ -2,6 +2,16 @@ class MSFT_SPOTenantSettings : OMI_BaseResource { [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"),ValueMap{"Yes"},Values{"Yes"}] String IsSingleInstance; + [Write, Description("Enables OneDrive and SharePoint integration with Microsoft Entra B2B.")] boolean EnableAzureADB2BIntegration; + [Write, Description("Determines what level of sharing is available for OneDrive and SharePoint sites."), ValueMap{"ExternalUserAndGuestSharing", "Disabled", "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly"}, Values{"ExternalUserAndGuestSharing", "Disabled", "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly"}] string SharingCapability; + [Write, Description("Determines what level of sharing is available for OneDrive sites. It corresponds to the SharingCapabilities for OneDrive sites."), ValueMap{"ExternalUserAndGuestSharing", "Disabled", "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly"}, Values{"ExternalUserAndGuestSharing", "Disabled", "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly"}] string OneDriveSharingCapability; + [Write, Description("Prevents external users from resharing files, folders, and sites that they do not own.")] boolean PreventExternalUsersFromResharing; + [Write, Description("Specifies the external sharing mode for domains."), ValueMap{"None", "AllowList", "BlockList"}, Values{"None", "AllowList", "BlockList"}] string SharingDomainRestrictionMode; + [Write, Description("Specifies a list of email domains that are allowed for sharing with the external collaborators. Use the space character as the delimiter for entering multiple values. 
For example, "contoso.com fabrikam.com".")] string SharingAllowedDomainList; + [Write, Description("Lets administrators choose the default link type in the sharing dialog box in OneDrive for Business and SharePoint Online."), ValueMap{"None", "Direct", "Internal", "AnonymousAccess"}, Values{"None", "Direct", "Internal", "AnonymousAccess"}] string DefaultSharingLinkType; + [Write, Description("Specifies whether to enable the external user expiration policy, where external users will be expired and removed from the site collection in a given number of days.")] boolean ExternalUserExpirationRequired; + [Write, Description("Specifies the number of days before an external user will expire and be removed from the site collection if the policy is enabled. Value can be from 30 to 730 days.")] uint32 ExternalUserExpireInDays; + [Write, Description("This parameter sets the default share link role on OneDrive sites. It replaces the DefaultLinkPermission."), ValueMap{"None", "View", "Edit", "Review", "RestrictedView"}, Values{"None", "View", "Edit", "Review", "RestrictedView"}] string DefaultLinkPermission; [Write, Description("Specifies the lower bound on the compatibility level for new sites.")] uint32 MinCompatibilityLevel; [Write, Description("Specifies the upper bound on the compatibility level for new sites.")] uint32 MaxCompatibilityLevel; [Write, Description("Removes the search capability from People Picker. Note, recently resolved names will still appear in the list until browser cache is cleared or expired.")] boolean SearchResolveExactEmailOrUPN; From 6fdf264f0e87bb8172adac30a2b316542b49366f Mon Sep 17 00:00:00 2001 From: Julius Rauschen Date: Thu, 13 Feb 2025 10:45:59 +0100 Subject: [PATCH 02/35] Remove properties already present in SPOSharingSettings --- CHANGELOG.md | 6 +- .../MSFT_SPOTenantSettings.psm1 | 182 +----------------- .../MSFT_SPOTenantSettings.schema.mof | 8 - 3 files changed, 2 insertions(+), 194 deletions(-) 
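Review bot: The `SharingAllowedDomainList` description embeds unescaped double quotes (`For example, "contoso.com fabrikam.com".`) inside `Description("...")`, which ends the MOF string early and is likely to stop the schema from compiling; write `\"contoso.com fabrikam.com\"` or use single quotes. The same description also appears to contain a line break before `For example`, which should be joined onto one line if it is present in the file. The `DefaultLinkPermission` text says it "replaces the DefaultLinkPermission", so it refers to itself and looks copied from another property's description. `SharingDomainRestrictionMode` accepts `BlockList`, but only an allowed-domain list property is added, so a block-list configuration cannot be expressed by this schema.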
diff --git a/CHANGELOG.md b/CHANGELOG.md index f9e679ae20..1d09879f8b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,11 +16,7 @@ * Updated authentication properties to align with MOF definition. FIXES [#5709](https://github.com/microsoft/Microsoft365DSC/issues/5709) * SPOTenantSettings - * Add EnableAzureADB2BIntegration, SharingCapability, OneDriveSharingCapability, - PreventExternalUsersFromResharing, SharingDomainRestrictionMode, - SharingAllowedDomainList, DefaultSharingLinkType, - ExternalUserExpirationRequired, ExternalUserExpireInDays, DefaultLinkPermission - properties + * Add EnableAzureADB2BIntegration and OneDriveSharingCapability properties * MISC * PowerPlatform resource revamp to use direct REST API calls. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 index 12e2b38dde..54c8c1d172 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 
@@ -13,47 +13,11 @@ function Get-TargetResource [System.Boolean] $EnableAzureADB2BIntegration, - [Parameter()] - [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] - [System.String] - $SharingCapability, - [Parameter()] [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] [System.String] $OneDriveSharingCapability, - [Parameter()] - [System.Boolean] - $PreventExternalUsersFromResharing, - - [Parameter()] - [ValidateSet('None', 'AllowList', 'BlockList')] - [System.String] - $SharingDomainRestrictionMode, - - [Parameter()] - [System.String] - $SharingAllowedDomainList, - - [Parameter()] - [ValidateSet('None', 'Direct', 'Internal', 'AnonymousAccess')] - [System.String] - $DefaultSharingLinkType, - - [Parameter()] - [System.Boolean] - $ExternalUserExpirationRequired, - - [Parameter()] - [System.UInt32] - $ExternalUserExpireInDays, - - [Parameter()] - [ValidateSet('None', 'View', 'Edit', 'Review', 'RestrictedView')] - [System.String] - $DefaultLinkPermission, - [Parameter()] [System.UInt32] $MinCompatibilityLevel, @@ -256,15 +220,7 @@ function Get-TargetResource 'DenySelectSecurityGroupsInSPSitesList', 'AllowSelectSecurityGroupsInSPSitesList', 'EnableAzureADB2BIntegration', - 'SharingCapability', - 'OneDriveSharingCapability', - 'PreventExternalUsersFromResharing', - 'SharingDomainRestrictionMode', - 'SharingAllowedDomainList', - 'DefaultSharingLinkType', - 'ExternalUserExpirationRequired', - 'ExternalUserExpireInDays', - 'DefaultLinkPermission') + 'OneDriveSharingCapability') $response = Invoke-PnPSPRestMethod -Method Get ` -Url "$((Get-MSCloudLoginConnectionProfile -Workload PnP).AdminUrl)/_api/SPO.Tenant?`$select=$($parametersToRetrieve -join ',')" 
@@ -278,15 +234,7 @@ function Get-TargetResource DenySelectSecurityGroupsInSPSitesList = $response.DenySelectSecurityGroupsInSPSitesList AllowSelectSecurityGroupsInSPSitesList = $response.AllowSelectSecurityGroupsInSPSitesList EnableAzureADB2BIntegration = $response.EnableAzureADB2BIntegration - SharingCapability = $response.SharingCapability OneDriveSharingCapability = $response.OneDriveSharingCapability - PreventExternalUsersFromResharing = $response.PreventExternalUsersFromResharing - SharingDomainRestrictionMode = $response.SharingDomainRestrictionMode - SharingAllowedDomainList = $response.SharingAllowedDomainList - DefaultSharingLinkType = $response.DefaultSharingLinkType - ExternalUserExpirationRequired = $response.ExternalUserExpirationRequired - ExternalUserExpireInDays = $response.ExternalUserExpireInDays - DefaultLinkPermission = $response.DefaultLinkPermission MinCompatibilityLevel = $MinCompat MaxCompatibilityLevel = $MaxCompat SearchResolveExactEmailOrUPN = $SPOTenantSettings.SearchResolveExactEmailOrUPN 
@@ -352,47 +300,11 @@ function Set-TargetResource [System.Boolean] $EnableAzureADB2BIntegration, - [Parameter()] - [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] - [System.String] - $SharingCapability, - [Parameter()] [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] [System.String] $OneDriveSharingCapability, - [Parameter()] - [System.Boolean] - $PreventExternalUsersFromResharing, - - [Parameter()] - [ValidateSet('None', 'AllowList', 'BlockList')] - [System.String] - $SharingDomainRestrictionMode, - - [Parameter()] - [System.String] - $SharingAllowedDomainList, - - [Parameter()] - [ValidateSet('None', 'Direct', 'Internal', 'AnonymousAccess')] - [System.String] - $DefaultSharingLinkType, - - [Parameter()] - [System.Boolean] - $ExternalUserExpirationRequired, - - [Parameter()] - [System.UInt32] - $ExternalUserExpireInDays, - - [Parameter()] - [ValidateSet('None', 'View', 'Edit', 'Review', 'RestrictedView')] - [System.String] - $DefaultLinkPermission, - [Parameter()] [System.UInt32] $MinCompatibilityLevel, 
@@ -588,14 +500,6 @@ function Set-TargetResource $CurrentParameters.Remove('AllowSelectSecurityGroupsInSPSitesList') | Out-Null $CurrentParameters.Remove('EnableAzureADB2BIntegration') | Out-Null $CurrentParameters.Remove('OneDriveSharingCapability') | Out-Null - $CurrentParameters.Remove('PreventExternalUsersFromResharing') | Out-Null - $CurrentParameters.Remove('SharingDomainRestrictionMode') | Out-Null - $CurrentParameters.Remove('SharingAllowedDomainList') | Out-Null - $CurrentParameters.Remove('DefaultSharingLinkType') | Out-Null - $CurrentParameters.Remove('ExternalUserExpireInDays') | Out-Null - $CurrentParameters.Remove('ExternalUserExpirationRequired') | Out-Null - $CurrentParameters.Remove('ExternalUserExpireInDays') | Out-Null - $CurrentParameters.Remove('DefaultLinkPermission') | Out-Null $CurrentParameters.Remove('TenantDefaultTimezone') | Out-Null # this one is updated separately using Graph if ($CurrentParameters.Keys.Contains('UserVoiceForFeedbackEnabled')) 
@@ -658,60 +562,12 @@ function Set-TargetResource $paramsToUpdate.Add('EnableAzureADB2BIntegration', $EnableAzureADB2BIntegration) } - if ($null -ne $SharingCapability) - { - $needToUpdate = $true - $paramsToUpdate.Add('SharingCapability', $SharingCapability) - } - if ($null -ne $OneDriveSharingCapability) { $needToUpdate = $true $paramsToUpdate.Add('OneDriveSharingCapability', $OneDriveSharingCapability) } - if ($null -ne $PreventExternalUsersFromResharing) - { - $needToUpdate = $true - $paramsToUpdate.Add('PreventExternalUsersFromResharing', $PreventExternalUsersFromResharing) - } - - if ($null -ne $SharingDomainRestrictionMode) - { - $needToUpdate = $true - $paramsToUpdate.Add('SharingDomainRestrictionMode', $SharingDomainRestrictionMode) - } - - if ($null -ne $SharingAllowedDomainList) - { - $needToUpdate = $true - $paramsToUpdate.Add('SharingAllowedDomainList', $SharingAllowedDomainList) - } - - if ($null -ne $DefaultSharingLinkType) - { - $needToUpdate = $true - $paramsToUpdate.Add('DefaultSharingLinkType', $DefaultSharingLinkType) - } - - if ($null -ne $ExternalUserExpirationRequired) - { - $needToUpdate = $true - $paramsToUpdate.Add('ExternalUserExpirationRequired', $ExternalUserExpirationRequired) - } - - if ($null -ne $ExternalUserExpireInDays) - { - $needToUpdate = $true - $paramsToUpdate.Add('ExternalUserExpireInDays', $ExternalUserExpireInDays) - } - - if ($null -ne $DefaultLinkPermission) - { - $needToUpdate = $true - $paramsToUpdate.Add('DefaultLinkPermission', $DefaultLinkPermission) - } - if ($needToUpdate) { Write-Verbose -Message 'Updating properties via REST PATCH call.' 
@@ -748,47 +604,11 @@ function Test-TargetResource [System.Boolean] $EnableAzureADB2BIntegration, - [Parameter()] - [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] - [System.String] - $SharingCapability, - [Parameter()] [ValidateSet('ExternalUserAndGuestSharing', 'Disabled', 'ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly')] [System.String] $OneDriveSharingCapability, - [Parameter()] - [System.Boolean] - $PreventExternalUsersFromResharing, - - [Parameter()] - [ValidateSet('None', 'AllowList', 'BlockList')] - [System.String] - $SharingDomainRestrictionMode, - - [Parameter()] - [System.String] - $SharingAllowedDomainList, - - [Parameter()] - [ValidateSet('None', 'Direct', 'Internal', 'AnonymousAccess')] - [System.String] - $DefaultSharingLinkType, - - [Parameter()] - [System.Boolean] - $ExternalUserExpirationRequired, - - [Parameter()] - [System.UInt32] - $ExternalUserExpireInDays, - - [Parameter()] - [ValidateSet('None', 'View', 'Edit', 'Review', 'RestrictedView')] - [System.String] - $DefaultLinkPermission, - [Parameter()] [System.UInt32] $MinCompatibilityLevel, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof index 6f17b7f04d..7638890612 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof 
@@ -3,15 +3,7 @@ class MSFT_SPOTenantSettings : OMI_BaseResource { [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"),ValueMap{"Yes"},Values{"Yes"}] String IsSingleInstance; [Write, Description("Enables OneDrive and SharePoint integration with Microsoft Entra B2B.")] boolean EnableAzureADB2BIntegration; - [Write, Description("Determines what level of sharing is available for OneDrive and SharePoint sites."), ValueMap{"ExternalUserAndGuestSharing", "Disabled", "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly"}, Values{"ExternalUserAndGuestSharing", "Disabled", "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly"}] string SharingCapability; [Write, Description("Determines what level of sharing is available for OneDrive sites. It corresponds to the SharingCapabilities for OneDrive sites."), ValueMap{"ExternalUserAndGuestSharing", "Disabled", "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly"}, Values{"ExternalUserAndGuestSharing", "Disabled", "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly"}] string OneDriveSharingCapability; - [Write, Description("Prevents external users from resharing files, folders, and sites that they do not own.")] boolean PreventExternalUsersFromResharing; - [Write, Description("Specifies the external sharing mode for domains."), ValueMap{"None", "AllowList", "BlockList"}, Values{"None", "AllowList", "BlockList"}] string SharingDomainRestrictionMode; - [Write, Description("Specifies a list of email domains that are allowed for sharing with the external collaborators. Use the space character as the delimiter for entering multiple values. 
For example, "contoso.com fabrikam.com".")] string SharingAllowedDomainList; - [Write, Description("Lets administrators choose the default link type in the sharing dialog box in OneDrive for Business and SharePoint Online."), ValueMap{"None", "Direct", "Internal", "AnonymousAccess"}, Values{"None", "Direct", "Internal", "AnonymousAccess"}] string DefaultSharingLinkType; - [Write, Description("Specifies whether to enable the external user expiration policy, where external users will be expired and removed from the site collection in a given number of days.")] boolean ExternalUserExpirationRequired; - [Write, Description("Specifies the number of days before an external user will expire and be removed from the site collection if the policy is enabled. Value can be from 30 to 730 days.")] uint32 ExternalUserExpireInDays; - [Write, Description("This parameter sets the default share link role on OneDrive sites. It replaces the DefaultLinkPermission."), ValueMap{"None", "View", "Edit", "Review", "RestrictedView"}, Values{"None", "View", "Edit", "Review", "RestrictedView"}] string DefaultLinkPermission; [Write, Description("Specifies the lower bound on the compatibility level for new sites.")] uint32 MinCompatibilityLevel; [Write, Description("Specifies the upper bound on the compatibility level for new sites.")] uint32 MaxCompatibilityLevel; [Write, Description("Removes the search capability from People Picker. Note, recently resolved names will still appear in the list until browser cache is cleared or expired.")] boolean SearchResolveExactEmailOrUPN; From e3e2353b06be377552a429c77550e23783126cb0 Mon Sep 17 00:00:00 2001 From: Pranay Kumar Karvi Date: Fri, 14 Feb 2025 11:30:28 +0530 Subject: [PATCH 03/35] Fix #5742: Ensure TermsOfUse is an array in AADConditionalAccessPolicy --- .../MSFT_AADConditionalAccessPolicy.psm1 | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 20c557d1a8..65cb6d1ee6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -1777,12 +1777,13 @@ function Set-TargetResource } } - if ($TermsOfUse) - { - Write-Verbose -Message "Gettign Terms of Use {$TermsOfUse}" - $TermsOfUseObj = Get-MgBetaAgreement | Where-Object -FilterScript { $_.DisplayName -eq $TermsOfUse } - $GrantControls.Add('termsOfUse', $TermsOfUseObj.Id) - } + if ($TermsOfUse) +{ + Write-Verbose -Message "Getting Terms of Use {$TermsOfUse}" + $TermsOfUseObj = Get-MgBetaAgreement | Where-Object -FilterScript { $_.DisplayName -eq $TermsOfUse } + $GrantControls.Add('termsOfUse', @($TermsOfUseObj.Id)) +} + #no translation or conversion needed Write-Verbose -Message 'Set-Targetresource: Adding processed grant controls' From b20e3e80ea29c844833b49d5fe426892b3a7f736 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B8ren=20Albeck?= <61009084+salbeck-sit@users.noreply.github.com> Date: Mon, 17 Feb 2025 15:14:04 +0100 Subject: [PATCH 04/35] Update MSFT_AADPasswordRuleSettings.schema.mof MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added ValueMap and Values ('Enforced' and øAudit' to schema-entry for BannedPasswordCheckOnPremisesMode since the resource-params already accepts only these values --- .../MSFT_AADPasswordRuleSettings.schema.mof | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
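Review bot: The lookup result is used without checking that an agreement was found: when no agreement has the display name in `$TermsOfUse`, `$TermsOfUseObj` is empty and `@($TermsOfUseObj.Id)` becomes a one-element array holding `$null`, so the request carries an unusable `termsOfUse` grant control instead of failing clearly. For a Conditional Access policy that is the difference between a visible error and a policy that may not enforce the intended control. Add a guard before the `Add`, e.g. `if (-not $TermsOfUseObj) { throw "Terms of Use agreement '$TermsOfUse' was not found" }`; several agreements sharing one display name would also all be passed, which may deserve a comment. The added lines lost their indentation, and Set-TargetResource itself starts and ends outside the hunk.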
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof index 1356eee844..da6e651dd0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof @@ -6,7 +6,7 @@ class MSFT_AADPasswordRuleSettings : OMI_BaseResource [Write, Description("The duration in seconds of the initial lockout period.")] UInt32 LockoutDurationInSeconds; [Write, Description("Boolean indicating if the banned password check for tenant specific banned password list is turned on or not.")] Boolean EnableBannedPasswordCheck; [Write, Description("A list of banned words in passwords.")] String BannedPasswordList[]; - [Write, Description("How should we enforce password policy check in on-premises system.")] String BannedPasswordCheckOnPremisesMode; + [Write, Description("How should we enforce password policy check in on-premises system."), ValueMap{"Enforced","Audit"}, Values{"Enforced","Audit"}] String BannedPasswordCheckOnPremisesMode; [Write, Description("Boolean indicating if the banned password check is turned on or not for on-premises system.")] Boolean EnableBannedPasswordCheckOnPremises; [Write, Description("Specify if the Azure AD Password Rule Settings should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential; From c7c1b3079a4b7977ceaf4be1d32880691c7b9213 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?S=C3=B8ren=20Albeck?= <61009084+salbeck-sit@users.noreply.github.com> Date: Mon, 17 Feb 2025 15:16:19 +0100 Subject: [PATCH 05/35] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d035e95202..910f7b4ebe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* AADPasswordRuleSettings + * Updated schema to only accept values 'Enforced' and 'Audit' for parameter BannedPasswordCheckOnPremisesMode * AADRoleEligibilityScheduleRequest * Reduce call count when reconciling object type FIXES [#5621](https://github.com/microsoft/Microsoft365DSC/issues/5621) From 331519e2e4ad5609ae80b5520e826311496381ec Mon Sep 17 00:00:00 2001 From: Pranay Kumar Karvi Date: Mon, 17 Feb 2025 21:14:39 +0530 Subject: [PATCH 06/35] Update MSFT_AADConditionalAccessPolicy.psm1 --- .../MSFT_AADConditionalAccessPolicy.psm1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 65cb6d1ee6..d40b220ae5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 
@@ -1778,11 +1778,11 @@ function Set-TargetResource } if ($TermsOfUse) -{ - Write-Verbose -Message "Getting Terms of Use {$TermsOfUse}" - $TermsOfUseObj = Get-MgBetaAgreement | Where-Object -FilterScript { $_.DisplayName -eq $TermsOfUse } - $GrantControls.Add('termsOfUse', @($TermsOfUseObj.Id)) -} + { + Write-Verbose -Message "Getting Terms of Use {$TermsOfUse}" + $TermsOfUseObj = Get-MgBetaAgreement | Where-Object -FilterScript { $_.DisplayName -eq $TermsOfUse } + $GrantControls.Add('termsOfUse', @($TermsOfUseObj.Id)) + } #no translation or conversion needed From 6fbba5b712639c3498b87ad8a0d2475a39bed3de Mon Sep 17 00:00:00 2001 From: Pranay Kumar Karvi Date: Mon, 17 Feb 2025 21:27:14 +0530 Subject: [PATCH 07/35] Update CHANGELOG.md --- CHANGELOG.md | 54 +++++++++++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 902d2e9b38..10150a09e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,30 +1,36 @@ # Change log for Microsoft365DSC -# UNRELEASED +## UNRELEASED + +### AADRoleEligibilityScheduleRequest +- Reduce call count when reconciling object type. FIXES #5621 + +### ADOSecurityPolicy +- Fixes an issue where the resource threw an error trying to parse the default values. + +### M365DSCUtil +- Add M365DSC prefix to Remove-EmptyValue. +- Fixes an issue with Credential property being escaped and indentation. +- Adds the possibility to allow variables in strings and no authentication results update during conversion to final export. FIXES #3861 + +### SCSensitivityLabel +- Fixes invalid accepted content type values. + +### TeamsAppPermissionPolicy +- Updated correct Typecasting for AppPresetMeeting and PinnedMessagebarApps before adding them to the policy. + +### TeamsAppSetupPolicy +- FIXES [#5752] + +### TeamsM365App +- Remove Ensure property from being exported. FIXES #5781 + +### **AADConditionalAccessPolicy** +- Fixed an issue where `TermsOfUse` was not passed as an array, causing failures in GCC-High environments. ([#5742](https://github.com/microsoft/your-repo/issues/5742)) + +### DEPENDENCIES +- Updated ReverseDSC to version 2.0.0.27 -* AADRoleEligibilityScheduleRequest - * Reduce call count when reconciling object type - FIXES [#5621](https://github.com/microsoft/Microsoft365DSC/issues/5621) -* ADOSecurityPolicy - * Fixes an issue where the resource threw an error trying to parse the default - values. -* M365DSCUtil - * Add M365DSC prefix to `Remove-EmptyValue`. - * Fixes an issue with `Credential` property being escaped and indentation. - * Adds the possibility to allow variables in strings and no authentication - results update during conversion to final export. - FIXES [#3861](https://github.com/microsoft/Microsoft365DSC/issues/3861) -* SCSensitivityLabel - * Fixes invalid accepted content type values. 
-* TeamsAppPermissionPolicy - * Updated correct Typecasting for AppPresetMeeting and PinnedMessagebarApps before adding them to the policy -* TeamsAppSetupPolicy - * FIXES [[#5752](https://github.com/microsoft/Microsoft365DSC/issues/5752) -* TeamsM365App - * Remove `Ensure` property from being exported. - FIXES [#5781](https://github.com/microsoft/Microsoft365DSC/issues/5781) -* DEPENDENCIES - * Updated ReverseDSC to version 2.0.0.27 # 1.25.212.2 From 275334b41b37b1c6556dfb21554654b747d136b0 Mon Sep 17 00:00:00 2001 From: Pranay Kumar Karvi Date: Mon, 17 Feb 2025 21:29:57 +0530 Subject: [PATCH 08/35] Update CHANGELOG.md --- CHANGELOG.md | 54 +++++++++++++++++++++++----------------------------- 1 file changed, 24 insertions(+), 30 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 10150a09e1..902d2e9b38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,36 +1,30 @@ # Change log for Microsoft365DSC -## UNRELEASED - -### AADRoleEligibilityScheduleRequest -- Reduce call count when reconciling object type. FIXES #5621 - -### ADOSecurityPolicy -- Fixes an issue where the resource threw an error trying to parse the default values. - -### M365DSCUtil -- Add M365DSC prefix to Remove-EmptyValue. -- Fixes an issue with Credential property being escaped and indentation. -- Adds the possibility to allow variables in strings and no authentication results update during conversion to final export. FIXES #3861 - -### SCSensitivityLabel -- Fixes invalid accepted content type values. - -### TeamsAppPermissionPolicy -- Updated correct Typecasting for AppPresetMeeting and PinnedMessagebarApps before adding them to the policy. - -### TeamsAppSetupPolicy -- FIXES [#5752] - -### TeamsM365App -- Remove Ensure property from being exported. FIXES #5781 - -### **AADConditionalAccessPolicy** -- Fixed an issue where `TermsOfUse` was not passed as an array, causing failures in GCC-High environments. ([#5742](https://github.com/microsoft/your-repo/issues/5742)) - -### DEPENDENCIES -- Updated ReverseDSC to version 2.0.0.27 +# UNRELEASED +* AADRoleEligibilityScheduleRequest + * Reduce call count when reconciling object type + FIXES [#5621](https://github.com/microsoft/Microsoft365DSC/issues/5621) +* ADOSecurityPolicy + * Fixes an issue where the resource threw an error trying to parse the default + values. +* M365DSCUtil + * Add M365DSC prefix to `Remove-EmptyValue`. + * Fixes an issue with `Credential` property being escaped and indentation. + * Adds the possibility to allow variables in strings and no authentication + results update during conversion to final export. + FIXES [#3861](https://github.com/microsoft/Microsoft365DSC/issues/3861) +* SCSensitivityLabel + * Fixes invalid accepted content type values. 
+* TeamsAppPermissionPolicy + * Updated correct Typecasting for AppPresetMeeting and PinnedMessagebarApps before adding them to the policy +* TeamsAppSetupPolicy + * FIXES [[#5752](https://github.com/microsoft/Microsoft365DSC/issues/5752) +* TeamsM365App + * Remove `Ensure` property from being exported. + FIXES [#5781](https://github.com/microsoft/Microsoft365DSC/issues/5781) +* DEPENDENCIES + * Updated ReverseDSC to version 2.0.0.27 # 1.25.212.2 From 0cfb696472f8261a8d2943bb817385317fb34f53 Mon Sep 17 00:00:00 2001 From: Pranay Kumar Karvi Date: Mon, 17 Feb 2025 21:34:12 +0530 Subject: [PATCH 09/35] Update CHANGELOG.md --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 902d2e9b38..a741214f75 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,9 @@ * TeamsM365App * Remove `Ensure` property from being exported. FIXES [#5781](https://github.com/microsoft/Microsoft365DSC/issues/5781) + * **AADConditionalAccessPolicy** + * Fixed an issue where `TermsOfUse` was not passed as an array, causing failures in GCC-High environments. + FIXES [#5742](https://github.com/microsoft/Microsoft365DSC/issues/5742) * DEPENDENCIES * Updated ReverseDSC to version 2.0.0.27 From f0c30f62ba6f4fbcf0b356690d0a9353a5f8a50e Mon Sep 17 00:00:00 2001 From: Pranay Kumar Karvi Date: Mon, 17 Feb 2025 21:49:44 +0530 Subject: [PATCH 10/35] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a741214f75..c79fdef14c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -23,7 +23,7 @@ * TeamsM365App * Remove `Ensure` property from being exported. FIXES [#5781](https://github.com/microsoft/Microsoft365DSC/issues/5781) - * **AADConditionalAccessPolicy** + * AADConditionalAccessPolicy * Fixed an issue where `TermsOfUse` was not passed as an array, causing failures in GCC-High environments. FIXES [#5742](https://github.com/microsoft/Microsoft365DSC/issues/5742) * DEPENDENCIES From 962ee65fab4fc859ef0864e13bf4b94936e2a879 Mon Sep 17 00:00:00 2001 From: Pranay Kumar Karvi Date: Mon, 17 Feb 2025 21:56:26 +0530 Subject: [PATCH 11/35] Update CHANGELOG.md Co-authored-by: Fabien Tschanz <71251572+FabienTschanz@users.noreply.github.com> --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c79fdef14c..7af715ddb8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,7 +23,7 @@ * TeamsM365App * Remove `Ensure` property from being exported. FIXES [#5781](https://github.com/microsoft/Microsoft365DSC/issues/5781) - * AADConditionalAccessPolicy +* AADConditionalAccessPolicy * Fixed an issue where `TermsOfUse` was not passed as an array, causing failures in GCC-High environments. FIXES [#5742](https://github.com/microsoft/Microsoft365DSC/issues/5742) * DEPENDENCIES From 3c4c4d5fbe71dc2c24ca5d3ccf106a4608950b44 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Fri, 21 Feb 2025 08:42:35 +0100 Subject: [PATCH 12/35] Update SPOSiteScript.psm1 and Microsoft365DSC.SPOSiteScript.Tests.ps1 --- .../MSFT_SPOSiteScript.psm1 | 16 ++-- .../Microsoft365DSC.SPOSiteScript.Tests.ps1 | 94 +++++++++---------- 2 files changed, 52 insertions(+), 58 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 index 62042afbe3..d1b35c913f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 @@ -89,21 +89,19 @@ function Get-TargetResource # if ([System.String]::IsNullOrEmpty($Identity)) { - [Array]$SiteScripts = Get-PnPSiteScript -ErrorAction Stop | Where-Object -FilterScript { $_.Title -eq $Title } - - $SiteScript = $null - ##### Check to see if more than one site script is returned - if ($SiteScripts.Length -gt -1) - { - $SiteScript = Get-PnPSiteScript -Identity $SiteScripts[0].Id -ErrorAction Stop - } + $SiteScript = Get-PnPSiteScript -ErrorAction Stop | Where-Object -FilterScript { $_.Title -eq $Title } | Select-Object -First 1 # No script was returned - if ($null -eq $SiteScripts) + if ($null -eq $SiteScript) { Write-Verbose -Message "No Site Script with the Title, {$Title}, was found." return $nullReturn } + else + { + # get site script *with* content + $SiteScript = Get-PnPSiteScript -Identity $SiteScript.Id + } } else { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 index 382afd0761..8d27fee37e 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 
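Review bot: The second lookup, `$SiteScript = Get-PnPSiteScript -Identity $SiteScript.Id`, dropped the `-ErrorAction Stop` that the removed line carried, so a non-terminating error there can leave `$SiteScript` empty while execution continues past the title branch. Restoring it keeps both calls failing the same way: `$SiteScript = Get-PnPSiteScript -Identity $SiteScript.Id -ErrorAction Stop`. `Select-Object -First 1` also picks one script silently when several share the title; a `Write-Verbose` naming the chosen Id would make that choice auditable. Get-TargetResource starts and ends outside this hunk, so how an empty result is handled further down is not visible here.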
@@ -116,21 +116,52 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-PnPSiteScript -MockWith { return @{ + Identity = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' Title = 'Title One' } } + } - Mock -CommandName Get-PnPTenantTheme -MockWith { - return @{ - Identity = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' - Title = 'Title Two' - Content = $script - Description = "This is the description for the Site Script: 'Test Title'" - } + It 'Should update the Theme from the Set method' { + Set-TargetResource @testParams + } + + It 'Should return present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + } + + Context -Name 'The site script identified by Title already exist but is not in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Title = 'Title One' + Content = $script + Description = "This is the description for the Site Script: 'Test Title'" + Credential = $Credential + Ensure = 'Present' + } + + Mock -CommandName Get-PnPSiteScript -MockWith { + return @( + @{ + Identity = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' + Title = 'Title One' + Description = "This is the first sitescript with title 'Title One'" + }, + @{ + Identity = '01234567-890a-bcde-f094-e8df5f9aa202' + Title = 'Title One' + Description = "This is another sitescript with the same title" + } + ) } } - It 'Should update the Theme from the Set method' { + It 'Should update the site script from the Set method' { Set-TargetResource @testParams } @@ -143,7 +174,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'Testing theme removal' -Fixture { + Context -Name 'Testing site script removal' -Fixture { BeforeAll { $testParams = @{ Identity = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' 
@@ -154,21 +185,21 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Ensure = 'Present' } - Mock -CommandName Get-PnPTenantTheme -MockWith { + Mock -CommandName Get-PnPSiteScript -MockWith { return @{ - Identity = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' + Id = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' Title = 'Title Two' Content = $script Description = "This is the description for the Site Script: 'Test Title'" } } - Mock -CommandName Remove-PnPTenantTheme -MockWith { - return 'Theme has been successfully removed' + Mock -CommandName Remove-PnPSiteScript -MockWith { + return 'Site script has been successfully removed' } } - It 'Should remove the Theme successfully' { + It 'Should remove the site script successfully' { Set-TargetResource @testParams } } @@ -187,41 +218,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Title = 'Test' } } - - Mock -CommandName Get-PnPTenantTheme -MockWith { - return @{ - Name = 'TestTheme' - IsInverted = $false - Palette = @{ - 'themePrimary' = '#0078d4' - 'themeLighterAlt' = '#eff6fc' - 'themeLighter' = '#deecf9' - 'themeLight' = '#c7e0f4' - 'themeTertiary' = '#71afe5' - 'themeSecondary' = '#2b88d8' - 'themeDarkAlt' = '#106ebe' - 'themeDark' = '#005a9e' - 'themeDarker' = '#004578' - 'neutralLighterAlt' = '#f8f8f8' - 'neutralLighter' = '#f4f4f4' - 'neutralLight' = '#eaeaea' - 'neutralQuaternaryAlt' = '#dadada' - 'neutralQuaternary' = '#d0d0d0' - 'neutralTertiaryAlt' = '#c8c8c8' - 'neutralTertiary' = '#c2c2c2' - 'neutralSecondary' = '#858585' - 'neutralPrimaryAlt' = '#4b4b4b' - 'neutralPrimary' = '#333' - 'neutralDark' = '#272727' - 'black' = '#1d1d1d' - 'white' = '#fff' - 'bodyBackground' = '#0078d4' - 'bodyText' = '#fff' - } - Credential = $Credential - Ensure = 'Present' - } - } } It 'Should Reverse Engineer resource from the Export method' { From 87b4505514b79d35835a3f50483696e548f8fe65 Mon Sep 17 00:00:00 2001 
From: salbeck-sit Date: Fri, 21 Feb 2025 09:22:43 +0100 Subject: [PATCH 13/35] updated unit-tests --- .../Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 index 8d27fee37e..75c15a198a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 @@ -122,7 +122,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - It 'Should update the Theme from the Set method' { + It 'Should update the site script from the Set method' { Set-TargetResource @testParams } From 7f6fa1e1120759bc2fc62c49f956bb0dc902be87 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Fri, 21 Feb 2025 10:37:47 +0100 Subject: [PATCH 14/35] updated changelog --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59a80ebf3e..fed5f01ca0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Change log for Microsoft365DSC +# Unreleased + +* SPOSiteScript + * Fix error in Get-TargetResource when a site-script is identified by title only + # 1.25.219.1 * AADAccessReviewPolicy From b8a87b8bc2bd1021d545e8666aceefa6c56ad0fc Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Fri, 21 Feb 2025 12:53:38 +0100 Subject: [PATCH 15/35] updated Set-TargetResource and unit-tests --- .../MSFT_SPOSiteScript.psm1 | 31 +++++--- .../Microsoft365DSC.SPOSiteScript.Tests.ps1 | 76 +++++++++++++++---- 2 files changed, 83 insertions(+), 24 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 index d1b35c913f..2a94760b7c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 @@ -220,10 +220,7 @@ function Set-TargetResource # region Telemetry $CurrentValues = Get-TargetResource @PSBoundParameters - $CurrentParameters = $PSBoundParameters - $CurrentParameters.Remove('Ensure') | Out-Null - $CurrentParameters.Remove('Credential') | Out-Null - $CurrentParameters.Remove('ApplicationSecret') | Out-Null + $CurrentParameters = Remove-M365DSCAuthenticationParameter $PSBoundParameters # end region if ($Ensure -eq 'Present' -and $CurrentValues.Ensure -eq 'Absent') @@ -265,12 +262,12 @@ function Set-TargetResource try { # The Site Script exists and it shouldn't - [Array]$SiteScripts = Get-PnPSiteScript | Where-Object -FilterScript { $_.Title -eq $Title } -ErrorAction SilentlyContinue + [Array]$SiteScript = Get-PnPSiteScript | Where-Object -FilterScript { $_.Title -eq $Title } -ErrorAction SilentlyContinue ##### Check to see if more than one site script is returned - if ($SiteScripts.Length -gt 0) + if ($SiteScript.Count -gt 1) { - $SiteScript = Get-PnPSiteScript -Identity $SiteScripts[0].Id + $SiteScript = Get-PnPSiteScript -Identity $SiteScript[0].Id } ##### End of Check } @@ -285,6 +282,16 @@ function Set-TargetResource throw $Message } } + try { + Remove-PnPSiteScript -Identity $sitescript.Id -Force -ErrorAction Stop + } + catch { + New-M365DSCLogEntry -Message 'Error removing Site Script:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } } if ($Ensure -ne 'Absent') { 
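Review bot: In the `Absent` branch the script to delete is still chosen by `$_.Title -eq $Title` alone, and with duplicates `$SiteScript[0]` is whichever entry the service lists first, so a caller who supplied `Identity` can have a different script with the same title removed. When `$Identity` is set (the removal test on this page passes it; the parameter block itself is outside the hunk), resolve by it instead: `$SiteScript = Get-PnPSiteScript -Identity $Identity -ErrorAction Stop`. When nothing matches, `$SiteScript` stays empty and the later `Remove-PnPSiteScript -Identity $sitescript.Id` receives a null identity, so an explicit `if ($null -eq $SiteScript) { return }` after the lookup would be clearer.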
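Review bot: The new `catch` around `Remove-PnPSiteScript` writes a log entry and then falls through, so Set-TargetResource returns normally even though the site script was not removed. The lookup `catch` directly above ends in `throw $Message`; this one should end the same way, for example with a bare `throw` after `New-M365DSCLogEntry`, so the failed removal surfaces to the DSC run. The update `catch` in the later hunk at -317, which replaces `Write-Warning` with `New-M365DSCLogEntry`, has the same shape. The enclosing function extends beyond this hunk.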
@@ -296,12 +303,12 @@ function Set-TargetResource [Array]$SiteScripts = Get-PnPSiteScript | Where-Object -FilterScript { $_.Title -eq $Title } -ErrorAction SilentlyContinue ##### Check to see if more than one site script is returned - if ($SiteScripts.Length -gt 0) + if ($SiteScripts.Count -gt 0) { # #the only way to get the $content is to query the site again, but this time with the ID and not the Title like above $UpdateParams = @{ - Id = $SiteScripts[0].Id + Identity = $SiteScripts[0].Id Title = $Title Content = $Content Description = $Description @@ -317,7 +324,11 @@ function Set-TargetResource } catch { - Write-Warning -Message "Unable to update Site Script, {$Title}" + New-M365DSCLogEntry -Message 'Error updating Site Script:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential } } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 index 75c15a198a..03c31a709b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 @@ -55,6 +55,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Mock -CommandName Remove-PnPSiteScript -MockWith { + } + Mock -CommandName Start-Sleep -MockWith { } 
@@ -81,13 +84,23 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Add-PnPSiteScript -MockWith { return @{ - Name = $null + Id = '12345-67890-abcde-f0123' } } - Mock -CommandName Get-PnPSiteScript -MockWith { + # calls to Get-PnPSiteScript without proper Identity returns nothing + Mock -CommandName Get-PnPSiteScript -ParameterFilter {Identity -ne '12345-67890-abcde-f0123'} -MockWith { return $null } + # after Add-PnPSiteScript has been called, Get-PnPSiteScript should return the created site-script + Mock -CommandName Get-PnPSiteScript -ParameterFilter {Identity -eq '12345-67890-abcde-f0123'} -MockWith { + return @{ + Id = '12345-67890-abcde-f0123' + Title = 'Title One' + Content = $script + Description = "This is the description for the Site Script: 'Test Title'" + } + } } It 'Should return absent from the Get method' { @@ -100,10 +113,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Creates the site script in the Set method' { Set-TargetResource @testParams + Should -Invoke -CommandName Add-PnPSiteScript -Exactly -Times 1 } } - Context -Name 'The site script already exist but is not in the desired state' -Fixture { + Context -Name 'The site script already exist and is in the desired state' -Fixture { BeforeAll { $testParams = @{ Identity = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' 
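Review bot: Both `-ParameterFilter` blocks write `Identity` without the `$` sigil (`{Identity -ne '12345-67890-abcde-f0123'}` and its `-eq` twin), which PowerShell parses as a call to a command named `Identity` rather than a reference to the mocked cmdlet's parameter. The filters should read `{ $Identity -ne '12345-67890-abcde-f0123' }` and `{ $Identity -eq '12345-67890-abcde-f0123' }`. As written, the split between the not-yet-created and the created result that the two comments describe is not what the mocks select on. The `BeforeAll` block starts outside this hunk.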
@@ -116,14 +130,41 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-PnPSiteScript -MockWith { return @{ - Identity = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' - Title = 'Title One' + Id = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' + Title = 'Title One' + Content = $script + Description = "This is the description for the Site Script: 'Test Title'" } } } - It 'Should update the site script from the Set method' { - Set-TargetResource @testParams + It 'Should return present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'The site script already exist but is not in the desired state' -Fixture { + BeforeAll { + $testParams = @{ + Identity = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' + Title = 'Title One' + Content = $script + Description = "This is the description for the Site Script: 'Test Title'" + Credential = $Credential + Ensure = 'Present' + } + + Mock -CommandName Get-PnPSiteScript -MockWith { + return @{ + Id = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' + Title = 'Title One' + Description = "wrong description" + } + } } It 'Should return present from the Get method' { @@ -133,6 +174,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } + + It 'Should update the site script from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-PnPSiteScript -Exactly -Times 1 + } } Context -Name 'The site script identified by Title already exist but is not in the desired state' -Fixture { 
@@ -149,22 +195,18 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return @( @{ Identity = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' - Title = 'Title One' + Title = 'Title One' Description = "This is the first sitescript with title 'Title One'" }, @{ Identity = '01234567-890a-bcde-f094-e8df5f9aa202' - Title = 'Title One' + Title = 'Title One' Description = "This is another sitescript with the same title" } ) } } - It 'Should update the site script from the Set method' { - Set-TargetResource @testParams - } - It 'Should return present from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -172,6 +214,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } + + It 'Should update the site script from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Set-PnPSiteScript -Exactly -Times 1 + } } Context -Name 'Testing site script removal' -Fixture { @@ -188,7 +235,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-PnPSiteScript -MockWith { return @{ Id = '6c42cc50-7f90-45c2-9094-e8df5f9aa202' - Title = 'Title Two' + Title = 'Title One' Content = $script Description = "This is the description for the Site Script: 'Test Title'" } @@ -201,6 +248,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should remove the site script successfully' { Set-TargetResource @testParams + Should -Invoke -CommandName Remove-PnPSiteScript -Exactly -Times 1 } } From d59e6bfc3112428471af02f080df25567641a806 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Fri, 21 Feb 2025 13:23:38 +0100 Subject: [PATCH 16/35] updated unit-tests of removal/absent --- .../Microsoft365DSC.SPOSiteScript.Tests.ps1 | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) 
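Review bot: The two mocked site scripts in this context are still keyed `Identity = '…'`, while the resource reads `.Id` (`Get-PnPSiteScript -Identity $SiteScript.Id` in Get-TargetResource, `$SiteScripts[0].Id` in Set-TargetResource) and the other contexts in this commit were switched to `Id`. With these mocks the title-only path would resolve a null Id, so the `Set-PnPSiteScript` assertion added in the next hunk appears to pass without exercising a real identifier. Renaming both keys, e.g. `Id = '6c42cc50-7f90-45c2-9094-e8df5f9aa202'`, aligns the fixture with what the code consumes.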
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 index 03c31a709b..fdb90d6e71 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 @@ -55,6 +55,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Mock -CommandName Set-PnPSiteScript -MockWith { + } + Mock -CommandName Remove-PnPSiteScript -MockWith { } @@ -229,7 +232,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Content = $script Description = "This is the description for the Site Script: 'Test Title'" Credential = $Credential - Ensure = 'Present' + Ensure = 'Absent' } Mock -CommandName Get-PnPSiteScript -MockWith { @@ -240,10 +243,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Description = "This is the description for the Site Script: 'Test Title'" } } + } - Mock -CommandName Remove-PnPSiteScript -MockWith { - return 'Site script has been successfully removed' - } + It 'Should return present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false } It 'Should remove the site script successfully' { From d7e5d0c6cb2da825ef223e7bd0ed15e5f97812e1 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Fri, 21 Feb 2025 14:04:12 +0100 Subject: [PATCH 17/35] Added Remove-PnpSIteScript to Microsoft365 stubs --- Tests/Unit/Stubs/Microsoft365.psm1 | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 94492080d2..8748448aed 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 
@@ -82181,6 +82181,23 @@ function Remove-PnPSiteDesign $Force ) } +function Remove-PnpSiteScript +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $Identity, + + [Parameter()] + [PSObject] + $Connection, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force + ) +} function Remove-PnPStorageEntity { [CmdletBinding()] From f7d125c85374d3197744c84c50688f8bcbd80b3d Mon Sep 17 00:00:00 2001 From: Fabien Tschanz Date: Fri, 21 Feb 2025 16:30:29 +0100 Subject: [PATCH 18/35] Fix handling of DeviceCompliancePolicyScript property --- CHANGELOG.md | 6 + ...IntuneDeviceCompliancePolicyWindows10.psm1 | 168 +++++++----------- ...DeviceCompliancePolicyWindows10.schema.mof | 9 +- 3 files changed, 79 insertions(+), 104 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59a80ebf3e..c6df99efcb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceCompliancePolicyWindows10 + * Fixes the handling of the `DeviceCompliancePolicyScript` property. + FIXES [#5510](https://github.com/microsoft/Microsoft365DSC/issues/5510) + # 1.25.219.1 * AADAccessReviewPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 index 653c636faf..67d108a7dd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 @@ -135,7 +135,7 @@ function Get-TargetResource $TpmRequired, [Parameter()] - [System.String] + [Microsoft.Management.Infrastructure.CimInstance] $DeviceCompliancePolicyScript, [Parameter()] 
@@ -206,10 +206,9 @@ function Get-TargetResource $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` -All ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CompliancePolicy' -and ` - $_.displayName -eq $($DisplayName) } - if (([array]$devicePolicy).count -gt 1) + -Filter "displayName eq '$DisplayName' and isof('microsoft.graph.windows10CompliancePolicy')" ` + -ErrorAction SilentlyContinue + if (([array]$devicePolicy).Count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" } @@ -246,6 +245,19 @@ function Get-TargetResource } } + $complexDeviceCompliancePolicyScript = @{} + if ($null -ne $devicePolicy.AdditionalProperties.deviceCompliancePolicyScript) + { + Write-Verbose -Message "Resolving Device Compliance Policy Script with Id {$($devicePolicy.AdditionalProperties.deviceCompliancePolicyScript.deviceComplianceScriptId)}" + $policyScript = Invoke-MgGraphRequest -Uri "/beta/deviceManagement/deviceComplianceScripts/$($devicePolicy.AdditionalProperties.deviceCompliancePolicyScript.deviceComplianceScriptId)" -Method GET + $complexDeviceCompliancePolicyScript.Add('DisplayName', $policyScript.displayName) + $complexDeviceCompliancePolicyScript.Add('RulesContent', [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($devicePolicy.AdditionalProperties.deviceCompliancePolicyScript.rulesContent))) + } + if ($complexDeviceCompliancePolicyScript.Keys.Count -eq 0) + { + $complexDeviceCompliancePolicyScript = $null + } + Write-Verbose -Message "Found Windows 10 Device Compliance Policy with displayName {$DisplayName}" $results = @{ DisplayName = $devicePolicy.DisplayName 
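Review bot: The new `-Filter "displayName eq '$DisplayName' and isof(...)"` places `$DisplayName` inside an OData string literal without escaping, so a policy name containing a single quote yields a malformed or differently scoped filter. OData escapes a quote by doubling it: `$escapedDisplayName = $DisplayName -replace "'", "''"` and then `displayName eq '$escapedDisplayName'`. Because the call keeps `-ErrorAction SilentlyContinue`, a rejected filter returns nothing instead of failing, which the code after this hunk presumably treats as the policy being absent. The `displayName eq '$scriptName'` filter added to Set-TargetResource in the hunk at -534 needs the same escaping.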
@@ -280,7 +292,7 @@ function Get-TargetResource DeviceThreatProtectionRequiredSecurityLevel = $devicePolicy.AdditionalProperties.deviceThreatProtectionRequiredSecurityLevel ConfigurationManagerComplianceRequired = $devicePolicy.AdditionalProperties.configurationManagerComplianceRequired TpmRequired = $devicePolicy.AdditionalProperties.tpmRequired - DeviceCompliancePolicyScript = $devicePolicy.AdditionalProperties.deviceCompliancePolicyScript + DeviceCompliancePolicyScript = $complexDeviceCompliancePolicyScript ValidOperatingSystemBuildRanges = $complexValidOperatingSystemBuildRanges Ensure = 'Present' Credential = $Credential @@ -453,7 +465,7 @@ function Set-TargetResource $TpmRequired, [Parameter()] - [System.String] + [Microsoft.Management.Infrastructure.CimInstance] $DeviceCompliancePolicyScript, [Parameter()] @@ -515,13 +527,7 @@ function Set-TargetResource #endregion $currentDeviceWindows10Policy = Get-TargetResource @PSBoundParameters - - $PSBoundParameters.Remove('Ensure') | Out-Null - $PSBoundParameters.Remove('Credential') | Out-Null - $PSBoundParameters.Remove('ApplicationId') | Out-Null - $PSBoundParameters.Remove('TenantId') | Out-Null - $PSBoundParameters.Remove('ApplicationSecret') | Out-Null - $PSBoundParameters.Remove('AccessTokens') | Out-Null + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters $scheduledActionsForRule = @{ '@odata.type' = '#microsoft.graph.deviceComplianceScheduledActionForRule' 
@@ -534,14 +540,34 @@ function Set-TargetResource ) } + if ($null -ne $BoundParameters.DeviceCompliancePolicyScript) + { + $script = $BoundParameters.DeviceCompliancePolicyScript + $scriptName = $script.Displayname + $scriptRulesContent = $script.RulesContent + + $complianceScript = (Invoke-MgGraphRequest -Uri "/beta/deviceManagement/deviceComplianceScripts?`$filter=displayName eq '$scriptName'" -Method GET).value + if ($complianceScript.Count -eq 0) + { + throw "The referenced Intune Device Compliance Script with DisplayName {$scriptName} was not found" + } + + $script = @{ + deviceComplianceScriptId = $complianceScript.id + rulesContent = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($scriptRulesContent)) + } + $BoundParameters.Remove('DeviceCompliancePolicyScript') | Out-Null + $BoundParameters.Add('DeviceCompliancePolicyScript', $script) + } + if ($Ensure -eq 'Present' -and $currentDeviceWindows10Policy.Ensure -eq 'Absent') { Write-Verbose -Message "Creating new Intune Device Compliance Windows 10 Policy {$DisplayName}" - $PSBoundParameters.Remove('DisplayName') | Out-Null - $PSBoundParameters.Remove('Description') | Out-Null - $PSBoundParameters.Remove('Assignments') | Out-Null + $BoundParameters.Remove('DisplayName') | Out-Null + $BoundParameters.Remove('Description') | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null - $AdditionalProperties = Get-M365DSCIntuneDeviceCompliancePolicyWindows10AdditionalProperties -Properties ([System.Collections.Hashtable]$PSBoundParameters) + $AdditionalProperties = Get-M365DSCIntuneDeviceCompliancePolicyWindows10AdditionalProperties -Properties ([System.Collections.Hashtable]$BoundParameters) $policy = New-MgBetaDeviceManagementDeviceCompliancePolicy -DisplayName $DisplayName ` -Description $Description ` -AdditionalProperties $AdditionalProperties ` 
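Review bot: The script lookup only rejects zero matches (`$complianceScript.Count -eq 0`), so when two compliance scripts share the display name `$complianceScript.id` is an array and `deviceComplianceScriptId` is sent with more than one id. Get-TargetResource already refuses duplicate policy names; the same guard fits here: `if (([array]$complianceScript).Count -gt 1) { throw "Multiple Intune Device Compliance Scripts with DisplayName {$scriptName} were found - ensure the display name is unique" }`. A short comment above the block stating that the script is resolved by display name and that its rules are Base64-encoded before sending would also help the next reader. Set-TargetResource continues outside this hunk.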
@@ -563,11 +589,11 @@ function Set-TargetResource -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CompliancePolicy' -and ` $_.displayName -eq $($DisplayName) } - $PSBoundParameters.Remove('DisplayName') | Out-Null - $PSBoundParameters.Remove('Description') | Out-Null - $PSBoundParameters.Remove('Assignments') | Out-Null + $BoundParameters.Remove('DisplayName') | Out-Null + $BoundParameters.Remove('Description') | Out-Null + $BoundParameters.Remove('Assignments') | Out-Null - $AdditionalProperties = Get-M365DSCIntuneDeviceCompliancePolicyWindows10AdditionalProperties -Properties ([System.Collections.Hashtable]$PSBoundParameters) + $AdditionalProperties = Get-M365DSCIntuneDeviceCompliancePolicyWindows10AdditionalProperties -Properties ([System.Collections.Hashtable]$BoundParameters) Update-MgBetaDeviceManagementDeviceCompliancePolicy -AdditionalProperties $AdditionalProperties ` -Description $Description ` -DeviceCompliancePolicyId $configDevicePolicy.Id @@ -729,7 +755,7 @@ function Test-TargetResource $TpmRequired, [Parameter()] - [System.String] + [Microsoft.Management.Infrastructure.CimInstance] $DeviceCompliancePolicyScript, [Parameter()] @@ -795,7 +821,7 @@ function Test-TargetResource throw "An error occured in Get-TargetResource, the policy {$displayName} will not be processed. Refer to the event viewer logs for more information." } - $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() $testResult = $true #Compare Cim instances 
@@ -952,6 +978,20 @@ function Export-TargetResource $Results.Remove('ValidOperatingSystemBuildRanges') | Out-Null } } + if ($null -ne $Results.DeviceCompliancePolicyScript) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.DeviceCompliancePolicyScript ` + -CIMInstanceName 'MicrosoftGraphDeviceCompliancePolicyScript' + if (-not [string]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.DeviceCompliancePolicyScript = $complexTypeStringResult + } + else + { + $Results.Remove('DeviceCompliancePolicyScript') | Out-Null + } + } if ($null -ne $Results.Assignments) { $complexMapping = @( @@ -980,7 +1020,7 @@ function Export-TargetResource -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential ` - -NoEscape @('ValidOperatingSystemBuildRanges', 'Assignments') + -NoEscape @('ValidOperatingSystemBuildRanges', 'DeviceCompliancePolicyScript', 'Assignments') $dscContent += $currentDSCBlock 
@@ -1041,82 +1081,4 @@ function Get-M365DSCIntuneDeviceCompliancePolicyWindows10AdditionalProperties return $results } -function Get-M365DSCAssignmentsAsString -{ - [CmdletBinding()] - [OutputType([System.String])] - param( - [Parameter()] - [System.Object[]] - $Params - ) - - if ($null -eq $params) - { - return $null - } - $currentProperty = "@(`r`n" - $space = ' ' - $nbParam = 0 - $hasValue = $false - foreach ($rule in $params) - { - - $currentProperty += "$($space)MSFT_DeviceManagementConfigurationPolicyAssignments{`r`n" - foreach ($key in $rule.Keys) - { - $value = $rule[$key] - if (-not [System.String]::IsNullOrEmpty($value)) - { - $currentProperty += ' ' + $key + " = '" + $value + "'`r`n" - $hasValue = $true - } - - } - $currentProperty += ' }' - if ($nbParam -lt ($params.Count - 1) ) - { - $nbParam++ - $currentProperty += "`r`n" - } - - } - $currentProperty += ')' - if (-not $hasValue) - { - return '@()' - } - return $currentProperty -} - -function Get-M365DSCAssignmentsAsHashtable -{ - [CmdletBinding()] - param( - [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance] - $CIMAssignment - ) - - if ($null -eq $CIMAssignment) - { - return $null - } - $CIMAssignmentAsHash = @{} - $keys = $CIMAssignment | Get-Member -MemberType Properties - - foreach ($key in $keys) - { - if ($CIMAssignment.$($key.Name)) - { - $CIMAssignmentAsHash.Add($key.Name, $CIMAssignment.$($key.Name)) - } - } - if ($CIMAssignmentAsHash.Count -eq 0) - { - return $null - } - return $CIMAssignmentAsHash -} - Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.schema.mof index ac822b9aa6..70a19f217e 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.schema.mof @@ -17,6 +17,13 @@ class MSFT_MicrosoftGraphOperatingSystemVersionRange [Write, Description("The highest inclusive version that this range contains.")] String HighestVersion; }; +[ClassVersion("1.0.0.0")] +class MSFT_MicrosoftGraphDeviceCompliancePolicyScript +{ + [Key, Description("Device compliance script name.")] String DisplayName; + [Write, Description("Rules content of the custom settings.")] String RulesContent; +}; + [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceCompliancePolicyWindows10")] class MSFT_IntuneDeviceCompliancePolicyWindows10 : OMI_BaseResource { 
@@ -53,7 +60,7 @@ class MSFT_IntuneDeviceCompliancePolicyWindows10 : OMI_BaseResource [Write, Description("DeviceThreatProtectionRequiredSecurityLevel of the Windows 10 device compliance policy."), ValueMap{"Unavailable","Secured","Low", "Medium","High","NotSet"}, Values{"Unavailable","Secured","Low", "Medium","High","NotSet"}] String DeviceThreatProtectionRequiredSecurityLevel; [Write, Description("ConfigurationManagerComplianceRequired of the Windows 10 device compliance policy.")] Boolean ConfigurationManagerComplianceRequired; [Write, Description("TpmRequired of the Windows 10 device compliance policy.")] Boolean TpmRequired; - [Write, Description("DeviceCompliancePolicyScript of the Windows 10 device compliance policy.")] String DeviceCompliancePolicyScript; + [Write, Description("DeviceCompliancePolicyScript of the Windows 10 device compliance policy."), EmbeddedInstance("MSFT_MicrosoftGraphDeviceCompliancePolicyScript")] String DeviceCompliancePolicyScript; [Write, Description("ValidOperatingSystemBuildRanges of the Windows 10 device compliance policy."), EmbeddedInstance("MSFT_MicrosoftGraphOperatingSystemVersionRange")] String ValidOperatingSystemBuildRanges[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; From 324907db3186ecb32c0fa9551bfc89f21bf2c463 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B8ren=20Albeck?= <61009084+salbeck-sit@users.noreply.github.com> Date: Mon, 24 Feb 2025 11:09:10 +0100 Subject: [PATCH 19/35] Update CHANGELOG.md --- CHANGELOG.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fed5f01ca0..467db27f18 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,11 +1,25 @@ # Change log for Microsoft365DSC -# Unreleased +# UNRELEASED +* AADAppplication + * Fixed an issue where specifying an empty ReplyURLs array would not remove + the existing entries. +* EXOCalendarProcessing + * Changed the Get-TargetResource logic to return UPN instead of id. +* EXODistributionGroup + * Fixed the ability to set members. +* Security & Compliance + * Updated export functions to remove skipping of loading module, to prevent + missing cmdlet errors that are causing failing exports. +* SCPolicyConfig + * Handle default values in the Get-TargetResource function. + * Added support for the FileCopiedToCloudFullUrlEnabled property. * SPOSiteScript * Fix error in Get-TargetResource when a site-script is identified by title only + FIXES [#5821](https://github.com/microsoft/Microsoft365DSC/issues/5821) -# 1.25.219.1 +# 1.25.219.2 * AADAccessReviewPolicy * Missing AccessReview permission for Application Read access From ffd6d23952bc0fcb4cc0024be9afd4c488642f93 Mon Sep 17 00:00:00 2001 From: Pranay Kumar Karvi Date: Tue, 25 Feb 2025 09:52:00 +0530 Subject: [PATCH 20/35] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7af715ddb8..2bc5f64cdd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,10 @@ * AADConditionalAccessPolicy * Fixed an issue where `TermsOfUse` was not passed as an array, causing failures in GCC-High environments. FIXES [#5742](https://github.com/microsoft/Microsoft365DSC/issues/5742) +* AADGroupEligibilitySchedule + * FIXES [#5792](https://github.com/microsoft/Microsoft365DSC/issues/5792) issue where complete DSC isn't exported after generated + * FIXES [#5793](https://github.com/microsoft/Microsoft365DSC/issues/5793) issue where PrincipalType isn't correctly captured in AzureGov + * DEPENDENCIES * Updated ReverseDSC to version 2.0.0.27 From 0483c6ffad9f1aa1ff073ca4e75741bb82387b7d Mon Sep 17 00:00:00 2001 
From: Pranay Kumar Karvi Date: Tue, 25 Feb 2025 09:53:38 +0530 Subject: [PATCH 21/35] Update CHANGELOG.md --- CHANGELOG.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2bc5f64cdd..7af715ddb8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,10 +26,6 @@ * AADConditionalAccessPolicy * Fixed an issue where `TermsOfUse` was not passed as an array, causing failures in GCC-High environments. FIXES [#5742](https://github.com/microsoft/Microsoft365DSC/issues/5742) -* AADGroupEligibilitySchedule - * FIXES [#5792](https://github.com/microsoft/Microsoft365DSC/issues/5792) issue where complete DSC isn't exported after generated - * FIXES [#5793](https://github.com/microsoft/Microsoft365DSC/issues/5793) issue where PrincipalType isn't correctly captured in AzureGov - * DEPENDENCIES * Updated ReverseDSC to version 2.0.0.27 From b83a4fea2eec4ca615dce3ef95b6967f5bf6e291 Mon Sep 17 00:00:00 2001 From: Fabien Tschanz Date: Wed, 26 Feb 2025 09:54:36 +0100 Subject: [PATCH 22/35] Apply ordering during export for Get-Team cmdlet --- CHANGELOG.md | 11 +++++++++++ .../MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 | 2 +- .../DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 | 2 +- .../DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 | 2 +- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd20e5600c..4216267ded 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,16 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* TeamsChannel + * Apply ordering during export. + FIXES [#5829](https://github.com/microsoft/Microsoft365DSC/issues/5829) +* TeamsTeam + * Apply ordering during export. +* TeamsUser + * Apply ordering during export. + + # 1.25.219.3 * AADApplication diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 index 1526c79991..d07a0a962d 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 @@ -415,7 +415,7 @@ function Export-TargetResource try { - $teams = Get-Team -ErrorAction Stop + $teams = Get-Team -ErrorAction Stop | Sort-Object -Property GroupId $j = 1 $dscContent = '' Write-Host "`r`n" -NoNewline diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 index 3192e7e7c4..6dab01c2c8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 @@ -725,7 +725,7 @@ function Export-TargetResource $organization = $Credential.UserName.Split('@')[1] } - $teams = Get-Team + $teams = Get-Team | Sort-Object -Property GroupId $i = 1 $dscContent = '' Write-Host "`r`n" -NoNewline diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 index 970a688cc0..2c1aeb1c56 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 @@ -349,7 +349,7 @@ function Export-TargetResource try { - [array]$instances = Get-Team + [array]$instances = Get-Team | Sort-Object -Property GroupId if ($instances.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark From 4fc2ffa9c7dbb02bfc854d95a6e551a05719c4f2 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 26 Feb 2025 11:19:06 +0100 Subject: [PATCH 23/35] Correct schema --- CHANGELOG.md | 3 +++ .../MSFT_PPTenantSettings/MSFT_PPTenantSettings.schema.mof | 4 +--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4dd12012d6..9f4290fcef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -9,6 +9,9 @@ * Changed the Get-TargetResource logic to return UPN instead of id. * EXODistributionGroup * Fixed the ability to set members. +* PPTenantSettings + * Corrected issue in the resource schema. The description was a multi-line + string, which is not allowed. * Security & Compliance * Updated export functions to remove skipping of loading module, to prevent missing cmdlet errors that are causing failing exports. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.schema.mof index afa473aa81..59ebf64a14 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.schema.mof 
@@ -8,9 +8,7 @@ class MSFT_PPTenantSettings : OMI_BaseResource [Write, Description("Allow people to use AI to generate an app based on an image. Default value is false.")] Boolean DisableCreateFromImage; [Write, Description("Gets or sets a value indicating whether non-admin users in the tenant can share connections with everyone. Default value is false.")] Boolean DisableConnectionSharingWithEveryone; [Write, Description("TBD")] Boolean AllowNewOrgChannelDefault; - [Write, Description("Disables cloud flows copilot in Power Automate. - -It doesn't control the ability to add AI-related connectors or actions in the flow designer. For example, the Skills connector or AI Builder creates text with a GPT action. Default value is false.")] Boolean DisableCopilot; + [Write, Description("Disables cloud flows copilot in Power Automate. It doesn't control the ability to add AI-related connectors or actions in the flow designer. For example, the Skills connector or AI Builder creates text with a GPT action. Default value is false.")] Boolean DisableCopilot; [Write, Description("Disables the copilot-enhanced help feature within Power Automate to enhance answers on product documentation through Bing Search. Default value is false.")] Boolean DisableCopilotWithBing; [Write, Description("Disables the weekly admin digest email for Managed Environments. Default value is false.")] Boolean DisableAdminDigest; [Write, Description("Ignore the Teams group-preferred data location when provisioning a Teams environment. Default value is false.")] Boolean DisablePreferredDataLocationForTeamsEnvironment; From 2c253fc937588e8b510d10a3786098a7431c0f92 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 26 Feb 2025 11:19:06 +0100 Subject: [PATCH 24/35] Correct schema --- CHANGELOG.md | 3 +++ .../MSFT_PPTenantSettings/MSFT_PPTenantSettings.schema.mof | 4 +--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd20e5600c..67f23d3117 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,9 @@ * Initial release. * M365DSCRuleEvaluation * Clear the cached instances from the export operation after evaluating the rules. +* PPTenantSettings + * Corrected issue in the resource schema. The description was a multi-line + string, which is not allowed. * Security & Compliance * Updated export functions to remove skipping of loading module, to prevent missing cmdlet errors that are causing failing exports. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.schema.mof index afa473aa81..59ebf64a14 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantSettings/MSFT_PPTenantSettings.schema.mof 
@@ -8,9 +8,7 @@ class MSFT_PPTenantSettings : OMI_BaseResource [Write, Description("Allow people to use AI to generate an app based on an image. Default value is false.")] Boolean DisableCreateFromImage; [Write, Description("Gets or sets a value indicating whether non-admin users in the tenant can share connections with everyone. Default value is false.")] Boolean DisableConnectionSharingWithEveryone; [Write, Description("TBD")] Boolean AllowNewOrgChannelDefault; - [Write, Description("Disables cloud flows copilot in Power Automate. - -It doesn't control the ability to add AI-related connectors or actions in the flow designer. For example, the Skills connector or AI Builder creates text with a GPT action. Default value is false.")] Boolean DisableCopilot; + [Write, Description("Disables cloud flows copilot in Power Automate. It doesn't control the ability to add AI-related connectors or actions in the flow designer. For example, the Skills connector or AI Builder creates text with a GPT action. Default value is false.")] Boolean DisableCopilot; [Write, Description("Disables the copilot-enhanced help feature within Power Automate to enhance answers on product documentation through Bing Search. Default value is false.")] Boolean DisableCopilotWithBing; [Write, Description("Disables the weekly admin digest email for Managed Environments. Default value is false.")] Boolean DisableAdminDigest; [Write, Description("Ignore the Teams group-preferred data location when provisioning a Teams environment. Default value is false.")] Boolean DisablePreferredDataLocationForTeamsEnvironment; From 13720d335049690a4e7d33eafe33bc73c20275a5 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 26 Feb 2025 11:36:08 +0100 Subject: [PATCH 25/35] Corrected changelog --- CHANGELOG.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 67f23d3117..64fa8c6f2d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* PPTenantSettings + * Corrected issue in the resource schema. The description was a multi-line + string, which is not allowed. + # 1.25.219.3 * AADApplication @@ -31,9 +37,6 @@ * Initial release. * M365DSCRuleEvaluation * Clear the cached instances from the export operation after evaluating the rules. -* PPTenantSettings - * Corrected issue in the resource schema. The description was a multi-line - string, which is not allowed. * Security & Compliance * Updated export functions to remove skipping of loading module, to prevent missing cmdlet errors that are causing failing exports. From aa1714fd1c8776f4e8436d37035b80acb8ab1dca Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 26 Feb 2025 11:59:22 +0000 Subject: [PATCH 26/35] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/power-platform/PPTenantSettings.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/docs/resources/power-platform/PPTenantSettings.md b/docs/docs/resources/power-platform/PPTenantSettings.md index 1d2fa1d624..9131c1edda 100644 --- a/docs/docs/resources/power-platform/PPTenantSettings.md +++ b/docs/docs/resources/power-platform/PPTenantSettings.md 
@@ -11,9 +11,7 @@ | **DisableCreateFromImage** | Write | Boolean | Allow people to use AI to generate an app based on an image. Default value is false. | | | **DisableConnectionSharingWithEveryone** | Write | Boolean | Gets or sets a value indicating whether non-admin users in the tenant can share connections with everyone. Default value is false. | | | **AllowNewOrgChannelDefault** | Write | Boolean | TBD | | -| **DisableCopilot** | Write | Boolean | Disables cloud flows copilot in Power Automate. - -It doesn't control the ability to add AI-related connectors or actions in the flow designer. For example, the Skills connector or AI Builder creates text with a GPT action. Default value is false. | | +| **DisableCopilot** | Write | Boolean | Disables cloud flows copilot in Power Automate. It doesn't control the ability to add AI-related connectors or actions in the flow designer. For example, the Skills connector or AI Builder creates text with a GPT action. Default value is false. | | | **DisableCopilotWithBing** | Write | Boolean | Disables the copilot-enhanced help feature within Power Automate to enhance answers on product documentation through Bing Search. Default value is false. | | | **DisableAdminDigest** | Write | Boolean | Disables the weekly admin digest email for Managed Environments. Default value is false. | | | **DisablePreferredDataLocationForTeamsEnvironment** | Write | Boolean | Ignore the Teams group-preferred data location when provisioning a Teams environment. Default value is false. | | From 427b4ec0b8432e10e09cc87e366872e758d74840 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 26 Feb 2025 12:36:25 +0000 Subject: [PATCH 27/35] Updated Resources and Cmdlet documentation pages --- .../intune/IntuneDeviceCompliancePolicyWindows10.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) 
diff --git a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md index c5213a4659..39f27579cb 100644 --- a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md @@ -37,7 +37,7 @@ | **DeviceThreatProtectionRequiredSecurityLevel** | Write | String | DeviceThreatProtectionRequiredSecurityLevel of the Windows 10 device compliance policy. | `Unavailable`, `Secured`, `Low`, `Medium`, `High`, `NotSet` | | **ConfigurationManagerComplianceRequired** | Write | Boolean | ConfigurationManagerComplianceRequired of the Windows 10 device compliance policy. | | | **TpmRequired** | Write | Boolean | TpmRequired of the Windows 10 device compliance policy. | | -| **DeviceCompliancePolicyScript** | Write | String | DeviceCompliancePolicyScript of the Windows 10 device compliance policy. | | +| **DeviceCompliancePolicyScript** | Write | MSFT_MicrosoftGraphDeviceCompliancePolicyScript | DeviceCompliancePolicyScript of the Windows 10 device compliance policy. | | | **ValidOperatingSystemBuildRanges** | Write | MSFT_MicrosoftGraphOperatingSystemVersionRange[] | ValidOperatingSystemBuildRanges of the Windows 10 device compliance policy. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Intune Admin | | 
@@ -71,6 +71,15 @@ | **LowestVersion** | Write | String | The lowest inclusive version that this range contains. | | | **HighestVersion** | Write | String | The highest inclusive version that this range contains. | | +### MSFT_MicrosoftGraphDeviceCompliancePolicyScript + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Key | String | Device compliance script name. | | +| **RulesContent** | Write | String | Rules content of the custom settings. | | + ## Description From 4f0f351f5063a03c729ad5930d8ee74770686bf1 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 26 Feb 2025 12:41:03 +0000 Subject: [PATCH 28/35] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index a50c93400b..4d889d5751 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -29680,6 +29680,21 @@ } ] }, + { + "ClassName": "MSFT_MicrosoftGraphDeviceCompliancePolicyScript", + "Parameters": [ + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "RulesContent", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_IntuneDeviceCompliancePolicyWindows10", "Parameters": [ @@ -29849,7 +29864,7 @@ "Option": "Write" }, { - "CIMType": "String", + "CIMType": "MSFT_MicrosoftGraphDeviceCompliancePolicyScript", "Name": "DeviceCompliancePolicyScript", "Option": "Write" }, From 01a4b32c1d41a84036231f14ddf3cb33726c69ee Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 26 Feb 2025 13:14:35 +0000 Subject: [PATCH 29/35] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/azure-ad/AADPasswordRuleSettings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/docs/resources/azure-ad/AADPasswordRuleSettings.md b/docs/docs/resources/azure-ad/AADPasswordRuleSettings.md index 66ff3a0bfb..97bfdc0729 100644 --- a/docs/docs/resources/azure-ad/AADPasswordRuleSettings.md +++ b/docs/docs/resources/azure-ad/AADPasswordRuleSettings.md @@ -9,7 +9,7 @@ | **LockoutDurationInSeconds** | Write | UInt32 | The duration in seconds of the initial lockout period. | | | **EnableBannedPasswordCheck** | Write | Boolean | Boolean indicating if the banned password check for tenant specific banned password list is turned on or not. | | | **BannedPasswordList** | Write | StringArray[] | A list of banned words in passwords. | | -| **BannedPasswordCheckOnPremisesMode** | Write | String | How should we enforce password policy check in on-premises system. | | +| **BannedPasswordCheckOnPremisesMode** | Write | String | How should we enforce password policy check in on-premises system. | `Enforced`, `Audit` | | **EnableBannedPasswordCheckOnPremises** | Write | Boolean | Boolean indicating if the banned password check is turned on or not for on-premises system. | | | **Ensure** | Write | String | Specify if the Azure AD Password Rule Settings should exist or not. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. | | From 8d014a33bcfdcfa4b9bcca660c8a343093ee90c1 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 26 Feb 2025 14:18:49 +0000 Subject: [PATCH 30/35] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/sharepoint/SPOTenantSettings.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/docs/resources/sharepoint/SPOTenantSettings.md b/docs/docs/resources/sharepoint/SPOTenantSettings.md index 4baad6486b..53951887e5 100644 --- a/docs/docs/resources/sharepoint/SPOTenantSettings.md +++ b/docs/docs/resources/sharepoint/SPOTenantSettings.md 
@@ -5,6 +5,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` | +| **EnableAzureADB2BIntegration** | Write | Boolean | Enables OneDrive and SharePoint integration with Microsoft Entra B2B. | | +| **OneDriveSharingCapability** | Write | String | Determines what level of sharing is available for OneDrive sites. It corresponds to the SharingCapabilities for OneDrive sites. | `ExternalUserAndGuestSharing`, `Disabled`, `ExternalUserSharingOnly`, `ExistingExternalUserSharingOnly` | | **MinCompatibilityLevel** | Write | UInt32 | Specifies the lower bound on the compatibility level for new sites. | | | **MaxCompatibilityLevel** | Write | UInt32 | Specifies the upper bound on the compatibility level for new sites. | | | **SearchResolveExactEmailOrUPN** | Write | Boolean | Removes the search capability from People Picker. Note, recently resolved names will still appear in the list until browser cache is cleared or expired. | | From ba507509c97acbc6af089e050179e0e68daa7220 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 26 Feb 2025 14:22:52 +0000 Subject: [PATCH 31/35] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 4d889d5751..98d56bffa4 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -63583,6 +63583,16 @@ "Name": "IsSingleInstance", "Option": "Key" }, + { + "CIMType": "boolean", + "Name": "EnableAzureADB2BIntegration", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "OneDriveSharingCapability", + "Option": "Write" + }, { "CIMType": "uint32", "Name": "MinCompatibilityLevel", 
From b0352a404d9661c57cfce5d81b5fa0486d75a7a9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 26 Feb 2025 12:21:20 -0500 Subject: [PATCH 32/35] Release 1.25.226.1 --- CHANGELOG.md | 8 +++++--- .../MSFT_AADConditionalAccessPolicy.psm1 | 8 ++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 28ad092b4a..cbea13740c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,14 +1,16 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.25.226.1 * AADConditionalAccessPolicy - * Fixed an issue where `TermsOfUse` was not passed as an array, causing failures in GCC-High environments. + * Fixed an issue where `TermsOfUse` was not passed as an array, causing failures in GCC-High environments. FIXES [#5742](https://github.com/microsoft/Microsoft365DSC/issues/5742) + * Added verbose to the Get-TargetResource function to print out the retrieved + policies from calling the cmdlet. * AADPasswordRuleSettings * Updated schema to only accept values 'Enforced' and 'Audit' for parameter BannedPasswordCheckOnPremisesMode * IntuneDeviceCompliancePolicyWindows10 - * Fixes the handling of the `DeviceCompliancePolicyScript` property. + * Fixes the handling of the `DeviceCompliancePolicyScript` property. FIXES [#5510](https://github.com/microsoft/Microsoft365DSC/issues/5510) * PPTenantSettings * Corrected issue in the resource schema. The description was a multi-line diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 5db48c7d03..9bb40d3581 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 
@@ -287,11 +287,16 @@ function Get-TargetResource try { $Policy = Get-MgBetaIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $Id -ErrorAction Stop + $jsonPolicy = ConvertTo-Json $Policy -ErrorAction SilentlyContinue + Write-Verbose -Message "Retrieved policy:`r`n$($jsonPolicy)" } catch { Write-Verbose -Message "Couldn't find existing policy by ID {$Id}" $Policy = Get-MgBetaIdentityConditionalAccessPolicy -Filter "DisplayName eq '$DisplayName'" + $jsonPolicy = ConvertTo-Json $Policy -ErrorAction SilentlyContinue + Write-Verbose -Message "Retrieved policy:`r`n$($jsonPolicy)" + if ($Policy.Length -gt 1) { throw "Duplicate CA Policies named $DisplayName exist in tenant" @@ -303,6 +308,9 @@ function Get-TargetResource Write-Verbose -Message 'Id was NOT specified' ## Can retreive multiple CA Policies since displayname is not unique $Policy = Get-MgBetaIdentityConditionalAccessPolicy -Filter "DisplayName eq '$DisplayName'" + $jsonPolicy = ConvertTo-Json $Policy -ErrorAction SilentlyContinue + Write-Verbose -Message "Retrieved policy:`r`n$($jsonPolicy)" + if ($Policy.Length -gt 1) { throw "Duplicate CA Policies named $DisplayName exist in tenant" From 369c4a4124e3d11da3882eb249242288a7215f46 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 26 Feb 2025 15:38:58 -0500 Subject: [PATCH 33/35] Release 1.25.226.1 --- CHANGELOG.md | 2 + .../MSFT_O365OrgSettings.psm1 | 118 +++++++----------- .../MSFT_O365OrgSettings.schema.mof | 1 + .../MSFT_O365OrgSettings/settings.json | 14 +++ 4 files changed, 63 insertions(+), 72 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cbea13740c..61f369d8c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
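Review bot: The added `ConvertTo-Json $Policy` / `Write-Verbose` pairs in Get-TargetResource (after the lookup by Id, in the DisplayName fallback, and again in the `@@ -303,6 +308,9 @@` hunk) write the whole conditional access policy to the verbose stream. Any transcript or DSC log that captures verbose output then holds the tenant's conditions and exclusions. If only a trace is needed, log `$Policy.Id` and `$Policy.DisplayName` instead. If the full dump is intended, note that ConvertTo-Json stops at its default depth of 2 and flattens deeper objects to their string form, so use `$jsonPolicy = ConvertTo-Json $Policy -Depth 10 -ErrorAction SilentlyContinue` and add a comment that verbose logs for this resource should be treated as sensitive. The function body continues outside both hunks.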
@@ -12,6 +12,8 @@ * IntuneDeviceCompliancePolicyWindows10 * Fixes the handling of the `DeviceCompliancePolicyScript` property. FIXES [#5510](https://github.com/microsoft/Microsoft365DSC/issues/5510) +* O365OrgSettings + * Added support for the AllowPlannerCopilot setting. * PPTenantSettings * Corrected issue in the resource schema. The description was a multi-line string, which is not allowed. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index 42e5957451..4dac5af4b9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -69,6 +69,10 @@ function Get-TargetResource [System.Boolean] $PlannerAllowCalendarSharing, + [Parameter()] + [System.Boolean] + $AllowPlannerCopilot, + [Parameter()] [System.Boolean] $MicrosoftVivaBriefingEmail, @@ -221,6 +225,7 @@ function Get-TargetResource { $results += @{ PlannerAllowCalendarSharing = $PlannerSettings.allowCalendarSharing + AllowPlannerCopilot = $PlannerSettings.allowPlannerCopilot } } 
@@ -234,61 +239,6 @@ function Get-TargetResource } } - # DEPRECATED - Microsoft Viva Briefing Email - <# - $vivaBriefingEmailValue = $false - try - { - $currentBriefingConfig = Get-DefaultTenantBriefingConfig -ErrorAction Stop -Verbose:$false - if ($currentBriefingConfig.IsEnabledByDefault -eq 'opt-in') - { - $vivaBriefingEmailValue = $true - } - } - catch - { - if ($_.Exception.Message -like "*Unexpected character encountered while parsing value*") - { - $vivaBriefingEmailValue = $true - } - elseif ($_.Exception.Message -like "*A task was canceled*") - { - $retries = 1 - $errorContent = $null - while ($retries -le 5) - { - try - { - Start-Sleep -Seconds 2 - $currentBriefingConfig = Get-DefaultTenantBriefingConfig -ErrorAction Stop -Verbose:$false - } - catch - { - $errorContent = $_ - $retries++ - } - } - if ($null -eq $currentBriefingConfig) - { - throw $errorContent - } - else - { - if ($currentBriefingConfig.IsEnabledByDefault -eq 'opt-in') - { - $vivaBriefingEmailValue = $true - } - } - } - else - { - throw $_ - } - } - $results += @{ - MicrosoftVivaBriefingEmail = $vivaBriefingEmailValue - }#> - # Viva Insights settings $currentVivaInsightsSettings = Get-DefaultTenantMyAnalyticsFeatureConfig -Verbose:$false if ($null -ne $currentVivaInsightsSettings) @@ -484,6 +434,10 @@ function Set-TargetResource [System.Boolean] $PlannerAllowCalendarSharing, + [Parameter()] + [System.Boolean] + $AllowPlannerCopilot, + [Parameter()] [System.Boolean] $MicrosoftVivaBriefingEmail, 
@@ -599,11 +553,14 @@ function Set-TargetResource Update-MgServicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` -AccountEnabled:$M365WebEnableUsersToOpenFilesFrom3PStorage } - if ($PSBoundParameters.ContainsKey('PlannerAllowCalendarSharing') -and ` - ($PlannerAllowCalendarSharing -ne $currentValues.PlannerAllowCalendarSharing)) + if (($PSBoundParameters.ContainsKey('PlannerAllowCalendarSharing') -and ` + ($PlannerAllowCalendarSharing -ne $currentValues.PlannerAllowCalendarSharing)) -or ` + ($PSBoundParameters.ContainsKey('AllowPlannerCopilot') -and ` + ($AllowPlannerCopilot -ne $currentValues.AllowPlannerCopilot))) { Write-Verbose -Message "Updating the Planner Allow Calendar Sharing setting to {$PlannerAllowCalendarSharing}" - Set-M365DSCO365OrgSettingsPlannerConfig -AllowCalendarSharing $PlannerAllowCalendarSharing + Set-M365DSCO365OrgSettingsPlannerConfig -AllowCalendarSharing $PlannerAllowCalendarSharing ` + -AllowPlannerCopilot $AllowPlannerCopilot } if ($PSBoundParameters.ContainsKey('CortanaEnabled') -and ` @@ -916,6 +873,10 @@ function Test-TargetResource [System.Boolean] $PlannerAllowCalendarSharing, + [Parameter()] + [System.Boolean] + $AllowPlannerCopilot, + [Parameter()] [System.Boolean] $MicrosoftVivaBriefingEmail, @@ -1131,7 +1092,6 @@ function Get-M365DSCO365OrgSettingsPlannerConfig { [CmdletBinding()] param() - $VerbosePreference = 'SilentlyContinue' try { @@ -1140,7 +1100,7 @@ function Get-M365DSCO365OrgSettingsPlannerConfig $results = Invoke-RestMethod -ContentType 'application/json;odata.metadata=full' ` -Headers @{'Accept' = 'application/json'; 'Authorization' = (Get-MSCloudLoginConnectionProfile -Workload Tasks).AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` -Method GET ` - $Uri -ErrorAction Stop + -Uri $Uri -ErrorAction Stop return $results } catch 
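Review bot: The Planner update now runs when either `PlannerAllowCalendarSharing` or `AllowPlannerCopilot` differs, but the call always passes both values, and a `[System.Boolean]` parameter that was not specified in the configuration holds `$false`. A configuration that declares only one of the two would therefore send `false` for the other and switch that tenant setting off without it ever being declared. Building the argument set from `$PSBoundParameters` and splatting it leaves the unspecified setting out of the call, and the `Write-Verbose` text, which names only calendar sharing, should cover both values. Set-TargetResource begins and ends outside this hunk.

```powershell
# … unchanged: the -or condition on PlannerAllowCalendarSharing / AllowPlannerCopilot …
{
    $plannerParams = @{}
    if ($PSBoundParameters.ContainsKey('PlannerAllowCalendarSharing'))
    {
        $plannerParams.Add('AllowCalendarSharing', $PlannerAllowCalendarSharing)
    }
    if ($PSBoundParameters.ContainsKey('AllowPlannerCopilot'))
    {
        $plannerParams.Add('AllowPlannerCopilot', $AllowPlannerCopilot)
    }
    Write-Verbose -Message "Updating the Planner settings: $($plannerParams | ConvertTo-Json -Compress)"
    Set-M365DSCO365OrgSettingsPlannerConfig @plannerParams
}
```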
@@ -1167,23 +1127,37 @@ function Set-M365DSCO365OrgSettingsPlannerConfig { [CmdletBinding()] param( - [Parameter(Mandatory = $true)] + [Parameter()] [System.Boolean] - $AllowCalendarSharing + $AllowCalendarSharing, + + [Parameter()] + [System.Boolean] + $AllowPlannerCopilot ) - $VerbosePreference = 'SilentlyContinue' - $flags = @{ - allowCalendarSharing = $AllowCalendarSharing + $flags = @{} + + if ($null -ne $AllowCalendarSharing) + { + $flags.Add('allowCalendarSharing', $AllowCalendarSharing) + } + if ($null -ne $AllowPlannerCopilot) + { + $flags.Add('allowPlannerCopilot', $AllowPlannerCopilot) } - $requestBody = $flags | ConvertTo-Json - $Uri = (Get-MSCloudLoginConnectionProfile -Workload Tasks).HostUrl + '/taskAPI/tenantAdminSettings/Settings' - $results = Invoke-RestMethod -ContentType 'application/json;odata.metadata=full' ` - -Headers @{'Accept' = 'application/json'; 'Authorization' = (Get-MSCloudLoginConnectionProfile -Workload Tasks).AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` - -Method PATCH ` - -Body $requestBody ` - $Uri + if ($flags.Keys.Count -gt 0) + { + $requestBody = $flags | ConvertTo-Json + Write-Verbose -Message "Updating Planner settings with values:`r`n$($requestBody)" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload Tasks).HostUrl + '/taskAPI/tenantAdminSettings/Settings' + $results = Invoke-RestMethod -ContentType 'application/json;odata.metadata=full' ` + -Headers @{'Accept' = 'application/json'; 'Authorization' = (Get-MSCloudLoginConnectionProfile -Workload Tasks).AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` + -Method PATCH ` + -Body $requestBody ` + -Uri $Uri + } } function Get-M365DSCOrgSettingsInstallationOptions 
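Review bot: The guards `if ($null -ne $AllowCalendarSharing)` and `if ($null -ne $AllowPlannerCopilot)` are always true, because a `[System.Boolean]` parameter is never `$null`; an omitted argument arrives as `$false`. With `Mandatory` removed from `AllowCalendarSharing`, `$flags` therefore always carries both keys, the `$flags.Keys.Count -gt 0` check never skips the request, and an omitted setting is PATCHed as `false`. Testing whether the argument was actually bound does what the guards intend: `if ($PSBoundParameters.ContainsKey('AllowCalendarSharing'))` and `if ($PSBoundParameters.ContainsKey('AllowPlannerCopilot'))`. The function's declaration line sits just above the hunk, in the hunk header.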
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof index 2eb2767c73..a6bddbcd8c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof @@ -22,6 +22,7 @@ class MSFT_O365OrgSettings : OMI_BaseResource [Write, Description("Specifies whether or not to allow users to have access to use the Viva Insights Outlook add-in and inline suggestions.")] Boolean VivaInsightsOutlookAddInAndInlineSuggestions; [Write, Description("Specifies whether or not to allow users to have access to use the Viva Insights schedule send suggestions feature.")] Boolean VivaInsightsScheduleSendSuggestions; [Write, Description("Allow Planner users to publish their plans and assigned tasks to Outlook or other calendars through iCalendar feeds.")] Boolean PlannerAllowCalendarSharing; + [Write, Description("Enables Copilot for Planner.")] Boolean AllowPlannerCopilot; [Write, Description("To Do - Allow external users to join.")] Boolean ToDoIsExternalJoinEnabled; [Write, Description("To Do - Allow sharing with external users.")] Boolean ToDoIsExternalShareEnabled; [Write, Description("To Do - Allow your users to receive push notifications.")] Boolean ToDoIsPushNotificationEnabled; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json index 3ccc87b04c..135ef13e27 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json 
@@ -2,6 +2,20 @@ "resourceName": "O365OrgSettings", "description": "", "permissions": { + "ProjectWorkManagement": { + "application":{ + "read": [ + { + "name": "OrgSettings-Planner.Read.All" + } + ], + "update": [ + { + "name": "OrgSettings-Planner.ReadWrite.All" + } + ] + } + }, "graph": { "delegated": { "read": [ From 302826ba17e37d9bc04fa802ac5ed327e1bcdeff Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 26 Feb 2025 15:51:07 -0500 Subject: [PATCH 34/35] Updated MSCloudLoginAssistant --- CHANGELOG.md | 2 ++ Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 61f369d8c8..cabc3c1179 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,8 @@ * Apply ordering during export. * TeamsUser * Apply ordering during export. +* DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.1.39. # 1.25.219.3 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 0dd54062c9..162889288c 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -118,7 +118,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.38" + RequiredVersion = "1.1.39" }, @{ ModuleName = 'PnP.PowerShell' From 2be9cc290b6acebdb75aeb7a8fb6a9a525263b40 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 26 Feb 2025 21:35:20 +0000 Subject: [PATCH 35/35] Updated Resources and Cmdlet documentation pages --- .../resources/office365/O365OrgSettings.md | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/docs/resources/office365/O365OrgSettings.md b/docs/docs/resources/office365/O365OrgSettings.md index a7c8b31216..d5113585db 100644 --- a/docs/docs/resources/office365/O365OrgSettings.md +++ b/docs/docs/resources/office365/O365OrgSettings.md 
@@ -25,6 +25,7 @@ | **VivaInsightsOutlookAddInAndInlineSuggestions** | Write | Boolean | Specifies whether or not to allow users to have access to use the Viva Insights Outlook add-in and inline suggestions. | | | **VivaInsightsScheduleSendSuggestions** | Write | Boolean | Specifies whether or not to allow users to have access to use the Viva Insights schedule send suggestions feature. | | | **PlannerAllowCalendarSharing** | Write | Boolean | Allow Planner users to publish their plans and assigned tasks to Outlook or other calendars through iCalendar feeds. | | +| **AllowPlannerCopilot** | Write | Boolean | Enables Copilot for Planner. | | | **ToDoIsExternalJoinEnabled** | Write | Boolean | To Do - Allow external users to join. | | | **ToDoIsExternalShareEnabled** | Write | Boolean | To Do - Allow sharing with external users. | | | **ToDoIsPushNotificationEnabled** | Write | Boolean | To Do - Allow your users to receive push notifications. | | @@ -70,6 +71,30 @@ To authenticate with the Microsoft Graph API, this resource required the followi - Application.ReadWrite.All, ReportSettings.ReadWrite.All, OrgSettings-Microsoft365Install.ReadWrite.All, OrgSettings-Forms.ReadWrite.All, OrgSettings-Todo.ReadWrite.All, OrgSettings-AppsAndServices.ReadWrite.All, OrgSettings-DynamicsVoice.ReadWrite.All, Tasks.ReadWrite.All +### ProjectWorkManagement + +To authenticate with the Microsoft ProjectWorkManagement API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - OrgSettings-Planner.Read.All + +- **Update** + + - OrgSettings-Planner.ReadWrite.All + ## Examples ### Example 1