Release 1.25.129.2

CHANGELOG.md

@@ -1,7 +1,19 @@
 # Change log for Microsoft365DSC
 
+# 1.25.129.2
+
+* M365DSCRuleEvaluation
+  * Only provide the ManagedIdentity parameter for resources which supports it.
+* SCDLPComplianceRule
+  * Added the comments property on creation.
+* SCPolicyConfig
+  * Changed parsing logic to account for $null or missing properties in the
+    API response.
+
 # 1.25.129.1
 
+* AADGroup
+  * Added functionality to add & check on Devices in AAD groups.
 * AADRoleEligibilityScheduleRequest
   * Changed the mapping logic to find Id of a custom role.
 * AADServicePrincipal
@@ -23,7 +35,6 @@
   * Refactored the export to use a common CIMInstance function.
 * AADGroup
   * Refactored the export to use a common CIMInstance function.
-  * Added functionality to add & check on Devices in AAD groups.
 * AADHomeRealmDiscoveryPolicy
   * Refactored the export to use a common CIMInstance function.
 * AADIdentityGovernanceLifecycleWorkflow

Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1

@@ -173,7 +173,6 @@ function Test-TargetResource
             ApplicationId         = $PSBoundParameters.ApplicationId
             TenantId              = $PSBoundParameters.TenantId
             CertificateThumbprint = $PSBoundParameters.CertificateThumbprint
-            ManagedIdentity       = $PSBoundParameters.ManagedIdentity
         }
 
         if ($null -ne $PSBoundParameters.ApplicationSecret)
@@ -189,6 +188,20 @@ function Test-TargetResource
         Import-Module $module -Force -Function 'Export-TargetResource' | Out-Null
         $cmdName = "MSFT_$ResourceTypeName\Export-TargetResource"
 
+        # Ensure the referenced resource supports ManagedIdentity before adding the parameter.
+        try
+        {
+            $exportFunctionInfo = (Get-Command -Module "MSFT_$ResourceTypeName") | Where-Object -FilterScript {$_.Name -eq 'Export-TargetResource'}
+            if ($exportFunctionInfo.Parameters.Name -Contains 'ManagedIdentity')
+            {
+                $params.Add('ManagedIdentity', $PSBoundParameters.ManagedIdentity)
+            }
+        }
+        catch
+        {
+            Write-Verbose $_
+        }
+
         [Array]$instances = &$cmdName @params
 
         $DSCStringContent = @"

Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1

@@ -923,13 +923,8 @@ function Set-TargetResource
         $CreationParams.Remove('ApplicationSecret') | Out-Null
         $CreationParams.Remove('AccessTokens') | Out-Null
 
-        $NewruleParam = @{
-            Name         = $CreationParams.Name
-            Policy       = $CreationParams.Policy
-            AdvancedRule = $CreationParams.AdvancedRule
-        }
         Write-Verbose -Message "Calling New-DLPComplianceRule with Values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)"
-        New-DLPComplianceRule @NewruleParam
+        New-DLPComplianceRule @CreationParams
     }
     elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentRule.Ensure))
     {
@@ -1390,7 +1385,6 @@ function Test-TargetResource
     $ValuesToCheck.Remove('ContentContainsSensitiveInformation') | Out-Null
     $ValuesToCheck.Remove('ExceptIfContentContainsSensitiveInformation') | Out-Null
 
-
     $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
         -Source $($MyInvocation.MyCommand.Source) `
         -DesiredValues $PSBoundParameters `

Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1

@@ -177,10 +177,16 @@ function Get-TargetResource
         $DlpNetworkShareGroupsObject = ConvertFrom-Json $instance.DlpNetworkShareGroups
 
         # AdvancedClassificationEnabled
-        $AdvancedClassificationEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AdvancedClassificationEnabled' }).Value
+        $AdvancedClassificationEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AdvancedClassificationEnabled' }).Value)
 
         # BandwidthLimitEnabled
-        $BandwidthLimitEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'BandwidthLimitEnabledValue' }).Value
+        $toBeParsed = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'BandwidthLimitEnabled' }).Value
+        $parsedValue = $null
+        if ($null -ne $toBeParsed)
+        {
+            $parsedValue = [Boolean]::Parse($toBeParsed)
+        }
+        $BandwidthLimitEnabledValue = $parsedValue
 
         # DailyBandwidthLimitInMB
         $DailyBandwidthLimitInMBValue = [UInt32]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'DailyBandwidthLimitInMB' }).Value
@@ -192,7 +198,7 @@ function Get-TargetResource
         $MacPathExclusionValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacPathExclusion' }).Value
 
         # MacDefaultPathExclusionsEnabled
-        $MacDefaultPathExclusionsEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacDefaultPathExclusionsEnabled' }).Value
+        $MacDefaultPathExclusionsEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacDefaultPathExclusionsEnabled' }).Value)
 
         #EvidenceStoreSettings
         $entry = $EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'EvidenceStoreSettings' }
@@ -208,7 +214,7 @@ function Get-TargetResource
         }
 
         # NetworkPathEnforcementEnabled
-        $NetworkPathEnforcementEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathEnforcementEnabled' }).Value
+        $NetworkPathEnforcementEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathEnforcementEnabled' }).Value)
 
         # NetworkPathExclusion
         $NetworkPathExclusionValue = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathExclusion' }).Value
@@ -229,7 +235,7 @@ function Get-TargetResource
                 $app = @{
                     ExecutableName = $appEntry.ExecutableName
                     Name           = $appEntry.Name
-                    Quarantine     = [Boolean]$appEntry.Quarantine
+                    Quarantine     = [Boolean]::Parse($appEntry.Quarantine)
                 }
                 $entry.Apps += $app
             }
@@ -261,7 +267,13 @@ function Get-TargetResource
         }
 
         # IncludePredefinedUnallowedBluetoothApps
-        $IncludePredefinedUnallowedBluetoothAppsValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'IncludePredefinedUnallowedBluetoothApps' }).Value
+        $toBeParsed = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'IncludePredefinedUnallowedBluetoothApps' }).Value
+        $parsedValue = $null
+        if ($null -ne $toBeParsed)
+        {
+            $parsedValue = [Boolean]::Parse($toBeParsed)
+        }
+        $IncludePredefinedUnallowedBluetoothAppsValue = $parsedValue
 
         # UnallowedBluetoothApp
         $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'UnallowedBluetoothApp' })
@@ -340,10 +352,10 @@ function Get-TargetResource
             }
 
             # serverDlpEnabled
-            $serverDlpEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'serverDlpEnabled' }).Value
+            $serverDlpEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'serverDlpEnabled' }).Value)
 
             # AuditFileActivity
-            $AuditFileActivityValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AuditFileActivity' }).Value
+            $AuditFileActivityValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AuditFileActivity' }).Value)
 
             # VPNSettings
             $entity = $EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'VPNSettings' }
@@ -842,7 +854,7 @@ function Set-TargetResource
         }
     }
 
-    if ($null -ne $CloudAppMode)
+    if (-not [System.String]::IsNullOrEmpty($CloudAppMode))
     {
         $EndpointDlpGlobalSettingsValue += @{
             Setting = 'CloudAppMode'
@@ -1006,9 +1018,13 @@ function Set-TargetResource
         DlpAppGroups              = $DLPAppGroupsValue
         DlpPrinterGroups          = ConvertTo-Json $DlpPrinterGroupsValue -Depth 10 -Compress
         DLPRemovableMediaGroups   = ConvertTo-Json $DLPRemovableMediaGroupsValue -Depth 10 -Compress
-        EnableSpoAipMigration     = $EnableSpoAipMigration
         EndpointDlpGlobalSettings = $EndpointDlpGlobalSettingsValue
     }
+    $CurrentPolicyConfig = Get-TargetResource @PSBoundParameters
+    if ($EnableSpoAipMigration -ne $CurrentPolicyConfig.EnableSpoAipMigration)
+    {
+        $params.Add("EnableSpoAipMigration", $EnableSpoAipMigration)
+    }
     Write-Verbose -Message "Updating policy config with values:`r`n$(Convert-M365DscHashtableToString -Hashtable $params)"
     Set-PolicyConfig @params
 }
@@ -1185,6 +1201,7 @@ function Test-TargetResource
 
     #Compare Cim instances
     $testResult = $true
+    $testTargetResource = $true
     foreach ($key in $PSBoundParameters.Keys)
     {
         $source = $PSBoundParameters.$key
@@ -1197,6 +1214,7 @@ function Test-TargetResource
 
             if (-not $testResult)
             {
+                $testTargetResource = $false
                 break
             }
 
@@ -1209,9 +1227,12 @@ function Test-TargetResource
         -DesiredValues $PSBoundParameters `
         -ValuesToCheck $ValuesToCheck.Keys
 
-    Write-Verbose -Message "Test-TargetResource returned $testResult"
-
-    return $testResult
+    if (-not $testResult)
+    {
+        $testTargetResource = $false
+    }
+    Write-Verbose -Message "Test-TargetResource returned $testTargetResource"
+    return $testTargetResource
 }
 
 function Export-TargetResource

Modules/Microsoft365DSC/Microsoft365DSC.psd1

@@ -11,7 +11,7 @@
   # RootModule = ''
 
   # Version number of this module.
-  ModuleVersion     = '1.25.129.1'
+  ModuleVersion     = '1.25.129.2'
 
   # Supported PSEditions
   # CompatiblePSEditions = @()
@@ -147,16 +147,13 @@
       IconUri      = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true'
 
       # ReleaseNotes of this module
-      ReleaseNotes = '* AADRoleEligibilityScheduleRequest
-  * Changed the mapping logic to find Id of a custom role.
-* AADServicePrincipal
-  * Fixes a regression issue when trying to export instances, the authentication
-    parameters were no longer returned by the Get-TargetResource function.
-* IntuneDeviceConfigurationPolicyiOS
-  * Fixes [#5594] https://github.com/microsoft/Microsoft365DSC/issues/5594
-* MISC
-  * AAD Workload
-    * Improved performance of various resources during export.'
+      ReleaseNotes = '* M365DSCRuleEvaluation
+  * Only provide the ManagedIdentity parameter for resources which supports it.
+* SCDLPComplianceRule
+  * Added the comments property on creation.
+* SCPolicyConfig
+  * Changed parsing logic to account for $null or missing properties in the
+    API response.'
 
       # Flag to indicate whether the module requires explicit user acceptance for install/update
       # RequireLicenseAcceptance = $false

Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCPolicyConfig.Tests.ps1

@@ -202,7 +202,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
 
                 Mock -CommandName Get-PolicyConfig -MockWith {
                     return @{
-                        EndpointDlpGlobalSettings = '[{"Value":"true","Setting":"AdvancedClassificationEnabled"},{"Value":"false","Setting":"BandwidthLimitEnabled"},{"Value":"{\"FileEvidenceIsEnabled\":true,\"NumberOfDaysToRetain\":7,\"Store\":\"CustomerManaged\",\"StorageAccounts\":[{\"BlobUri\":\"https:\/\/contoso.com\",\"Name\":\"My storage\"}]}","Setting":"EvidenceStoreSettings"},{"Value":"true","Setting":"MacDefaultPathExclusionsEnabled"},{"Value":"\\\\includemenot","Setting":"PathExclusion"},{"Value":"\\\\excludemeWindows","Setting":"PathExclusion"},{"Value":"\\\\excludeme3","Setting":"PathExclusion"},{"Value":"\/pear","Setting":"MacPathExclusion"},{"Value":"\/apple","Setting":"MacPathExclusion"},{"Value":"\/orange","Setting":"MacPathExclusion"},{"Value":"Caramel","Executable":"cara.exe","Setting":"UnallowedApp"},{"Value":"ikochou","Executable":"gillex.msi","Setting":"UnallowedCloudSyncApp"},{"Value":"true","Setting":"NetworkPathEnforcementEnabled"},{"Value":"\\\\MyFirstPath:\\\\MySecondPath:\\\\MythirdPAth","Setting":"NetworkPathExclusion"},{"Value":"{\"FileReplacementText\":\"Gargamel\",\"MacQuarantinePath\":\"\/System\/Applications\/Microsoft DLP\/QuarantineMA\",\"QuarantinePath\":\"%homedrive%%homepath%\\\\Microsoft DLP\\\\Quarantine\",\"EnableQuarantineForCloudSyncApps\":false,\"ShouldReplaceFile\":true}","Setting":"QuarantineParameters"},{"Value":"True","Setting":"IncludePredefinedUnallowedBluetoothApps"},{"Value":"bluetooth","Executable":"micase.exe","Setting":"UnallowedBluetoothApp"},{"Value":"UC Browser","Executable":"ucbrowser.exe","Setting":"UnallowedBrowser"},{"Value":"contoso.net","Setting":"CloudAppRestrictionList"},{"Value":"contoso.com","Setting":"CloudAppRestrictionList"},{"Value":"Block","Setting":"CloudAppMode"},{"Value":"3","Setting":"CustomBusinessJustificationNotification"},{"Value":"[{\"Enable\":true,\"justificationText\":[\"default:Were\"],\"Id\":\"businessJustification1\"},{\"Enable\":true,\"justificationText\":[\"default:Not\"],\"Id\":\"businessJustification2\"},{\"Enable\":true,\"justificationText\":[\"default:Going\"],\"Id\":\"businessJustification3\"},{\"Enable\":true,\"justificationText\":[\"default:To\"],\"Id\":\"businessJustification4\"},{\"Enable\":true,\"justificationText\":[\"default:Take It\"],\"Id\":\"businessJustification5\"}]","Setting":"BusinessJustificationList"},{"Value":"{\u000d\u000a  \"serverAddress\": [\u000d\u000a    \"MyVPNAddress\",\u000d\u000a    \"MySecondVPNAddress\"]\u000d\u000a}","Setting":"VPNSettings"},{"Value":"true","Setting":"serverDlpEnabled"},{"Value":"false","Setting":"AuditFileActivity"}]'
+                        EndpointDlpGlobalSettings = '[{"Value":"true","Setting":"AdvancedClassificationEnabled"},{"Value":"false","Setting":"BandwidthLimitEnabled"},{"Value":"{\"FileEvidenceIsEnabled\":true,\"NumberOfDaysToRetain\":7,\"Store\":\"CustomerManaged\",\"StorageAccounts\":[{\"BlobUri\":\"https:\/\/contoso.com\",\"Name\":\"My storage\"}]}","Setting":"EvidenceStoreSettings"},{"Value":"true","Setting":"MacDefaultPathExclusionsEnabled"},{"Value":"\\\\includemenot","Setting":"PathExclusion"},{"Value":"\\\\excludemeWindows","Setting":"PathExclusion"},{"Value":"\\\\excludeme3","Setting":"PathExclusion"},{"Value":"\/pear","Setting":"MacPathExclusion"},{"Value":"\/apple","Setting":"MacPathExclusion"},{"Value":"\/orange","Setting":"MacPathExclusion"},{"Value":"Caramel","Executable":"cara.exe","Setting":"UnallowedApp"},{"Value":"ikochou","Executable":"gillex.msi","Setting":"UnallowedCloudSyncApp"},{"Value":"true","Setting":"NetworkPathEnforcementEnabled"},{"Value":"\\\\MyFirstPath:\\\\MySecondPath:\\\\MythirdPAth","Setting":"NetworkPathExclusion"},{"Value":"{\"FileReplacementText\":\"Gargamel\",\"MacQuarantinePath\":\"\/System\/Applications\/Microsoft DLP\/QuarantineMA\",\"QuarantinePath\":\"%homedrive%%homepath%\\\\Microsoft DLP\\\\Quarantine\",\"EnableQuarantineForCloudSyncApps\":false,\"ShouldReplaceFile\":true}","Setting":"QuarantineParameters"},{"Value":"True","Setting":"IncludePredefinedUnallowedBluetoothApps"},{"Value":"bluetooth","Executable":"micase.exe","Setting":"UnallowedBluetoothApp"},{"Value":"UC Browser","Executable":"ucbrowser.exe","Setting":"UnallowedBrowser"},{"Value":"contoso.net","Setting":"CloudAppRestrictionList"},{"Value":"contoso.com","Setting":"CloudAppRestrictionList"},{"Value":"Block","Setting":"CloudAppMode"},{"Value":"3","Setting":"CustomBusinessJustificationNotification"},{"Value":"[{\"Enable\":true,\"justificationText\":[\"default:Were\"],\"Id\":\"businessJustification1\"},{\"Enable\":true,\"justificationText\":[\"default:Not\"],\"Id\":\"businessJustification2\"},{\"Enable\":true,\"justificationText\":[\"default:Going\"],\"Id\":\"businessJustification3\"},{\"Enable\":true,\"justificationText\":[\"default:To\"],\"Id\":\"businessJustification4\"},{\"Enable\":true,\"justificationText\":[\"default:Take It\"],\"Id\":\"businessJustification5\"}]","Setting":"BusinessJustificationList"},{"Value":"{\u000d\u000a  \"serverAddress\": [\u000d\u000a    \"MyVPNAddress\",\u000d\u000a    \"MySecondVPNAddress\"]\u000d\u000a}","Setting":"VPNSettings"},{"Value":"true","Setting":"serverDlpEnabled"},{"Value":"true","Setting":"AuditFileActivity"}]'
                         DlpAppGroups              = '[{"Apps":[{"ExecutableName":"toc.exe","Name":"toctoctoc","Quarantine":false}],"Description":"Lacucaracha","Id":"22a9399b-d306-49c6-987d-0504316ee1c1","Name":"Maracas"}]'
                         SiteGroups                = '[{"Id":"495844da-c2ab-4511-a996-0b9a58917920","Name":"Whatever","Description":"","Addresses":[{"Url":"Karakette.com","AddressLower":"","AddressUpper":"","MatchType":"UrlMatch"}]}]'
                         DlpPrinterGroups          = '{"groups":[{"groupName":"MyGroup","groupId":"99a4cdac-cc9c-46f4-af2f-bb7201743c2a","printers":[{"name":"asdf","usbPrinter":"true","alias":"aasdf"}]}]}'