From 37cd2b7d1d3843c2cc45e0f95cd7956e3eea88f5 Mon Sep 17 00:00:00 2001 From: Julius Rauschen Date: Wed, 19 Feb 2025 08:21:42 +0100 Subject: [PATCH 01/26] Add ReportChatMessageEnabled, ReportChatMessageToCustomizedAddressEnabled properties --- CHANGELOG.md | 2 ++ .../MSFT_EXOReportSubmissionPolicy.psm1 | 26 +++++++++++++++++++ .../MSFT_EXOReportSubmissionPolicy.schema.mof | 2 ++ 3 files changed, 30 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d6119d856..8aee321a67 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,8 @@ * EXOSmtpDaneInbound * Updated authentication properties to align with MOF definition. FIXES [#5709](https://github.com/microsoft/Microsoft365DSC/issues/5709) +* EXOReportSubmissionPolicy + * Add ReportChatMessageEnabled, ReportChatMessageToCustomizedAddressEnabled * MISC * PowerPlatform resource revamp to use direct REST API calls. * DEPENDENCIES diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 index ecdfa2dbde..f9192d310b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1 @@ -105,6 +105,14 @@ function Get-TargetResource [System.String[]] $ThirdPartyReportAddresses = @(), + [Parameter()] + [System.Boolean] + $ReportChatMessageEnabled, + + [Parameter()] + [System.Boolean] + $ReportChatMessageToCustomizedAddressEnabled, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] 
@@ -209,6 +217,8 @@ function Get-TargetResource ReportPhishAddresses = $ReportSubmissionPolicy.ReportPhishAddresses ReportPhishToCustomizedAddress = $ReportSubmissionPolicy.ReportPhishToCustomizedAddress ThirdPartyReportAddresses = $ReportSubmissionPolicy.ThirdPartyReportAddresses + ReportChatMessageEnabled = $ReportSubmissionPolicy.ReportChatMessageEnabled + ReportChatMessageToCustomizedAddressEnabled = $ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled Credential = $Credential Ensure = 'Present' ApplicationId = $ApplicationId @@ -344,6 +354,14 @@ function Set-TargetResource [System.String[]] $ThirdPartyReportAddresses = @(), + [Parameter()] + [System.Boolean] + $ReportChatMessageEnabled, + + [Parameter()] + [System.Boolean] + $ReportChatMessageToCustomizedAddressEnabled, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -538,6 +556,14 @@ function Test-TargetResource [System.String[]] $ThirdPartyReportAddresses = @(), + [Parameter()] + [System.Boolean] + $ReportChatMessageEnabled, + + [Parameter()] + [System.Boolean] + $ReportChatMessageToCustomizedAddressEnabled, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof index f1a5df9d22..858cbd25fc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof 
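Review bot: In the Get-TargetResource result (hunk `@@ -209,6 +217,8`) the two new keys are copied straight from `$ReportSubmissionPolicy`, so if the installed Exchange Online module returns a policy object without these properties they come back as `$null` rather than a Boolean. Whether Test-TargetResource would then report drift for a configured `$false` depends on comparison code outside this diff, so it is worth confirming and recording the minimum module version next to the two lines, for example `# ReportChatMessage* need an EXO module that returns them - TODO confirm minimum version`. The same pair of untyped-default `[System.Boolean]` parameters is added to Get-, Set- and Test-TargetResource (hunks `@@ -105,6`, `@@ -344,6`, `@@ -538,6`), and all three param blocks continue outside their hunks. The diffstat lists only CHANGELOG.md, the .psm1 and the .schema.mof, so no unit test or example exercises the new properties in this patch.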
@@ -27,6 +27,8 @@ class MSFT_EXOReportSubmissionPolicy : OMI_BaseResource [Write, Description("The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.")] String ReportPhishAddresses[]; [Write, Description("The ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.")] Boolean ReportPhishToCustomizedAddress; [Write, Description("Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you're using a third-party product for user submissions instead of reporting in Outlook.")] String ThirdPartyReportAddresses[]; + [Write, Description("")] Boolean ReportChatMessageEnabled; + [Write, Description("")] Boolean ReportChatMessageToCustomizedAddressEnabled; [Write, Description("Specifies if this report submission policy should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; From 7eb5decb80956f86f2f7454dddfd885377328b25 Mon Sep 17 00:00:00 2001 From: Julius Rauschen Date: Thu, 20 Feb 2025 14:16:35 +0100 Subject: [PATCH 02/26] Add placeholder descriptions to EXOReportSubmissionPolicy.schema.mof --- .../MSFT_EXOReportSubmissionPolicy.schema.mof | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof
index 858cbd25fc..422b9dec9f 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof
@@ -27,8 +27,8 @@ class MSFT_EXOReportSubmissionPolicy : OMI_BaseResource [Write, Description("The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.")] String ReportPhishAddresses[]; [Write, Description("The ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.")] Boolean ReportPhishToCustomizedAddress; [Write, Description("Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you're using a third-party product for user submissions instead of reporting in Outlook.")] String ThirdPartyReportAddresses[]; - [Write, Description("")] Boolean ReportChatMessageEnabled; - [Write, Description("")] Boolean ReportChatMessageToCustomizedAddressEnabled; + [Write, Description("TBD")] Boolean ReportChatMessageEnabled; + [Write, Description("TBD")] Boolean ReportChatMessageToCustomizedAddressEnabled; [Write, Description("Specifies if this report submission policy should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; From 5e34a03ae869351e9eeb5a851db11d09748b5c1d Mon Sep 17 00:00:00 2001 
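Review bot: `Description("TBD")` on ReportChatMessageEnabled and ReportChatMessageToCustomizedAddressEnabled still leaves both properties undocumented in the schema, unlike every neighbouring property in this class. Judging by their names they control whether chat messages can be reported and whether those reports go to the customized reporting address, which is something an administrator reviewing a submission policy needs spelled out. Replace the placeholder with the wording from the Set-ReportSubmissionPolicy reference, following the pattern of the surrounding lines, e.g. `Description("The ReportChatMessageEnabled parameter specifies whether <text from the cmdlet reference>.")`.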
From: Yorick Kuijs Date: Fri, 21 Feb 2025 14:15:09 +0100 Subject: [PATCH 03/26] Updated SC export functions to force authentication --- .../MSFT_SCAuditConfigurationPolicy.psm1 | 3 +-- .../MSFT_SCAutoSensitivityLabelPolicy.psm1 | 3 +-- .../MSFT_SCAutoSensitivityLabelRule.psm1 | 3 +-- .../MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 | 3 +-- .../DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 | 3 +-- .../MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 | 3 +-- .../MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 | 3 +-- .../MSFT_SCComplianceSearchAction.psm1 | 3 +-- .../MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 | 4 ++-- .../MSFT_SCDLPCompliancePolicy.psm1 | 3 +-- .../MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 | 3 +-- .../MSFT_SCDeviceConditionalAccessPolicy.psm1 | 3 +-- .../MSFT_SCDeviceConfigurationPolicy.psm1 | 3 +-- .../MSFT_SCFilePlanPropertyAuthority.psm1 | 3 +-- .../MSFT_SCFilePlanPropertyCategory.psm1 | 3 +-- .../MSFT_SCFilePlanPropertyCitation.psm1 | 3 +-- .../MSFT_SCFilePlanPropertyDepartment.psm1 | 3 +-- .../MSFT_SCFilePlanPropertyReferenceId.psm1 | 3 +-- .../MSFT_SCFilePlanPropertySubCategory.psm1 | 3 +-- .../DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 | 3 +-- .../MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 | 3 +-- .../MSFT_SCRetentionCompliancePolicy.psm1 | 3 +-- .../MSFT_SCRetentionComplianceRule.psm1 | 3 +-- .../MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 | 3 +-- .../MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 | 3 +-- .../MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 | 3 +-- .../MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 | 3 +-- .../MSFT_SCSupervisoryReviewPolicy.psm1 | 3 +-- .../MSFT_SCSupervisoryReviewRule.psm1 | 3 +-- 29 files changed, 30 insertions(+), 58 deletions(-) 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 index 11c7a99f29..ccb0e3f4eb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 @@ -326,8 +326,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 index 13cbacbeb9..9f222f3a91 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 @@ -816,8 +816,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 index 0155f89f80..61ab1cf754 100644 
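Review bot: The call to New-M365DSCConnection in Export-TargetResource no longer passes `-SkipModuleReload $true`, but nothing at the call site says why, and the commit subject ("force authentication") describes it differently from the changelog entry later in this series (missing cmdlet errors during export). A short comment above the call would keep the parameter from being re-added, e.g. `# Module reload is intentionally not skipped: SC cmdlets were missing during export otherwise.` The identical edit is repeated in the other 28 files listed in this patch's diffstat; whether New-M365DSCConnection could apply this once for the 'SecurityComplianceCenter' workload is not visible from the diff, but it would avoid 29 call sites drifting apart. It is also worth confirming that a full export, which presumably calls these functions one after another, does not hit session or throttling limits from the repeated reloads, since a partly failed export yields an incomplete baseline. Export-TargetResource's body continues outside the hunk.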
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 @@ -1110,8 +1110,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 index 1592752345..f59825d1bd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 @@ -469,8 +469,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 index 2d8b0ee8a8..9e3f90711c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 
@@ -366,8 +366,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 index a290aa6ce1..fa29587428 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 @@ -365,8 +365,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 index bdf5a0d863..50f2de1887 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 @@ -509,8 +509,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 index 8ff3608aa5..4aa15a96f7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 @@ -535,8 +535,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 index 70d1422644..b722efd3a2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 @@ -521,8 +521,8 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters + #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 index 2e20b467d2..a406971498 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 @@ -935,8 +935,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 index bc4e098b75..3a50e86d45 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 @@ -1438,8 +1438,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 index cc60f1d53f..f4c7df1130 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 
@@ -351,8 +351,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 index 191c79f31b..b405ed473d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 @@ -353,8 +353,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 index dd4e1ef5b8..b3e16e2cfb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 
@@ -322,8 +322,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 index af58b6337f..6695da5602 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 @@ -324,8 +324,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 index f99e5c5f5d..8871c83826 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 
@@ -349,8 +349,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 index 229e640442..cab1fdad7b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 @@ -323,8 +323,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 index 3ce8b39b14..2582abd87e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 
@@ -323,8 +323,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 index f617b28d30..5c5c31d045 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 @@ -349,8 +349,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 index 98d2feef56..b3fd3e3c72 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 @@ -813,8 +813,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 index 1ce551a933..a408fb2769 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 @@ -629,8 +629,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 index 2600666f06..1d05f10c0a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 @@ -1052,8 +1052,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 index 6f6633d8d6..a77aacf396 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 @@ -550,8 +550,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 index 6475034cbd..3190d73091 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 @@ -339,8 +339,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 index 81f1c4563c..914a9e29e5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 
@@ -363,8 +363,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 index d6c8fdecf6..6631960970 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 @@ -508,8 +508,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 index 228b8e69a1..f0491033af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 @@ -1563,8 +1563,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 index ea4c2bc03e..07d19fec75 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 @@ -380,8 +380,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 index 6f21521850..2756dd4bc3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 @@ -355,8 +355,7 @@ function Export-TargetResource $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true + -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies From 248b59f379a4614fa0bb5fd8374353ccb136c92c Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Fri, 21 Feb 2025 14:18:34 +0100 Subject: [PATCH 04/26] Updated changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59a80ebf3e..82e877ae98 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* Security & Compliance + * Updated export functions to remove skipping of loading module, to prevent + missing cmdlet errors that are causing failing exports. + # 1.25.219.1 * AADAccessReviewPolicy From 56013c03641c5226b81798568952eb58f96c407d Mon Sep 17 00:00:00 2001 From: Fabien Tschanz Date: Fri, 21 Feb 2025 15:01:48 +0100 Subject: [PATCH 05/26] Add Intune Device Compliance Script for Windows10 resource --- CHANGELOG.md | 5 + ...IntuneDeviceComplianceScriptWindows10.psm1 | 547 ++++++++++++++++++ ...DeviceComplianceScriptWindows10.schema.mof | 21 + .../readme.md | 6 + .../settings.json | 16 + .../1-Create.ps1 | 40 ++ .../2-Update.ps1 | 40 ++ .../3-Remove.ps1 | 35 ++ ...eDeviceComplianceScriptWindows10.Tests.ps1 | 249 ++++++++ 9 files changed, 959 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/MSFT_IntuneDeviceComplianceScriptWindows10.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/MSFT_IntuneDeviceComplianceScriptWindows10.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/3-Remove.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceComplianceScriptWindows10.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 59a80ebf3e..a08464db67 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,10 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceComplianceScriptWindows10 + * Initial release. + # 1.25.219.1 * AADAccessReviewPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/MSFT_IntuneDeviceComplianceScriptWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/MSFT_IntuneDeviceComplianceScriptWindows10.psm1 new file mode 100644 index 0000000000..058e24d281 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/MSFT_IntuneDeviceComplianceScriptWindows10.psm1 
@@ -0,0 +1,547 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $EnforceSignatureCheck, + + [Parameter()] + [System.String] + $Publisher, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Boolean] + $RunAs32Bit, + + [Parameter()] + [ValidateSet('system', 'user')] + [System.String] + $RunAsAccount, + + [Parameter()] + [System.String] + $DetectionScriptContent, + + [Parameter()] + [System.String] + $Id, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + Write-Verbose -Message "Getting configuration of the Intune Device Compliance Script for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Invoke-MgGraphRequest -Method GET -Uri "/beta/deviceManagement/deviceComplianceScripts/$Id" -SkipHttpErrorCheck + + if ($null -eq $getValue -or $null -ne $getValue.error) + { + Write-Verbose -Message "Could not find an Intune Device Compliance Script for Windows10 with Id {$Id}" + + if (-not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = (Invoke-MgGraphRequest -Method GET ` + -Uri "/beta/deviceManagement/deviceComplianceScripts?`$filter=displayName eq '$DisplayName'").value + if ($getValue.Count -gt 0) + { + $getValue = Invoke-MgGraphRequest -Method GET -Uri "/beta/deviceManagement/deviceComplianceScripts/$($getValue.id)" + } + } + } + #endregion + if ($getValue.Count -eq 0) + { + Write-Verbose -Message "Could not find an Intune Device Compliance Script for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + + Write-Verbose -Message "An Intune Device Compliance Script for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." 
+ + #region resource generator code + $enumRunAsAccount = $null + if ($null -ne $getValue.RunAsAccount) + { + $enumRunAsAccount = $getValue.RunAsAccount.ToString() + } + #endregion + + $results = @{ + #region resource generator code + Description = $getValue.Description + DisplayName = $getValue.DisplayName + EnforceSignatureCheck = $getValue.EnforceSignatureCheck + RoleScopeTagIds = $getValue.RoleScopeTagIds + RunAs32Bit = $getValue.RunAs32Bit + RunAsAccount = $enumRunAsAccount + DetectionScriptContent = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($getValue.DetectionScriptContent)) + Publisher = $getValue.Publisher + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + #endregion + } + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $EnforceSignatureCheck, + + [Parameter()] + [System.String] + $Publisher, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Boolean] + $RunAs32Bit, + + [Parameter()] + [ValidateSet('system', 'user')] + [System.String] + $RunAsAccount, + + [Parameter()] + [System.String] + $DetectionScriptContent, + + [Parameter()] + [System.String] + $Id, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + 
[System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $BoundParameters.DetectionScriptContent = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($BoundParameters.DetectionScriptContent)) + + # Convert all keys to camelCase + $scriptBody = @{} + foreach ($key in $BoundParameters.Keys) + { + $camelCaseKey = $key.Substring(0, 1).ToLower() + $key.Substring(1) + $scriptBody[$camelCaseKey] = $BoundParameters[$key] + } + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Compliance Script for Windows10 with DisplayName {$DisplayName}" + $scriptBody.Remove('Id') | Out-Null + Invoke-MgGraphRequest -Method POST -Uri '/beta/deviceManagement/deviceComplianceScripts' -Body $($scriptBody | ConvertTo-Json) + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Compliance Script for Windows10 with Id {$($currentInstance.Id)}" + Invoke-MgGraphRequest -Method PATCH 
-Uri "/beta/deviceManagement/deviceComplianceScripts/$($currentInstance.Id)" -Body $($scriptBody | ConvertTo-Json) + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Compliance Script for Windows10 with Id {$($currentInstance.Id)}" + try + { + Invoke-MgGraphRequest -Method DELETE -Uri "/beta/deviceManagement/deviceComplianceScripts/$($currentInstance.Id)" -ErrorAction Stop + } + catch + { + throw "Failed to delete Intune Device Compliance Script for Windows10 with Id $($currentInstance.Id). Error: $($_.ErrorDetails.Message)" + } + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $EnforceSignatureCheck, + + [Parameter()] + [System.String] + $Publisher, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Boolean] + $RunAs32Bit, + + [Parameter()] + [ValidateSet('system', 'user')] + [System.String] + $RunAsAccount, + + [Parameter()] + [System.String] + $DetectionScriptContent, + + [Parameter()] + [System.String] + $Id, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Device Compliance Script for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + $testResult = $true + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters 
$PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + $uri = if ([string]::IsNullOrEmpty($Filter)) { '/beta/deviceManagement/deviceComplianceScripts' } else { "/beta/deviceManagement/deviceComplianceScripts?`$filter=$Filter" } + [array]$getValue = (Invoke-MgGraphRequest ` + -Method GET ` + -Uri $uri ` + -ErrorAction Stop).value + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + 
-FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/MSFT_IntuneDeviceComplianceScriptWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/MSFT_IntuneDeviceComplianceScriptWindows10.schema.mof new file mode 100644 index 0000000000..bd27c0a468 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/MSFT_IntuneDeviceComplianceScriptWindows10.schema.mof 
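Review bot: `DetectionScriptContent` is converted with `[System.Text.Encoding]::ASCII` in both Get-TargetResource (`ASCII.GetString`) and Set-TargetResource (`ASCII.GetBytes`), so any non-ASCII character in a detection script is replaced with `?` before upload and the script pushed to devices no longer matches the configuration; `[System.Text.Encoding]::UTF8` on both sides would preserve the content. The conversion in Set-TargetResource also runs unconditionally, so an update that omits the property appears to add an empty `detectionScriptContent` to the PATCH body; wrapping it in `if ($BoundParameters.ContainsKey('DetectionScriptContent'))` avoids that. Separately, the fallback lookup in Get-TargetResource interpolates `$DisplayName` into `displayName eq '$DisplayName'` unescaped, so a name containing a single quote breaks the filter; `$DisplayName.Replace("'", "''")` keeps it inside the OData string literal. That lookup also dereferences `$getValue.id` whenever `Count -gt 0`, so two scripts with the same display name would produce a malformed URI; requiring exactly one match would make the selection unambiguous.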
@@ -0,0 +1,21 @@ +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceComplianceScriptWindows10")] +class MSFT_IntuneDeviceComplianceScriptWindows10 : OMI_BaseResource +{ + [Write, Description("Optional description for the device compliance script.")] String Description; + [Key, Description("Name of the device compliance script.")] String DisplayName; + [Write, Description("Indicate whether the script signature needs be checked.")] Boolean EnforceSignatureCheck; + [Write, Description("Publisher of the script.")] String Publisher; + [Write, Description("List of Scope Tag IDs for this PowerShellScript instance.")] String RoleScopeTagIds[]; + [Write, Description("A value indicating whether the PowerShell script should run as 32-bit")] Boolean RunAs32Bit; + [Write, Description("Indicates the type of execution context. Possible values are: system, user."), ValueMap{"system","user"}, Values{"system","user"}] String RunAsAccount; + [Write, Description("The script content in Base64.")] String DetectionScriptContent; + [Write, Description("The unique identifier for an entity. 
Read-only.")] String Id; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/readme.md new file mode 100644 index 0000000000..1b3598bfcd --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneDeviceComplianceScriptWindows10 + +## Description + +Intune Device Compliance Script for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/settings.json new file mode 100644 index 0000000000..dda8b8cc29 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceComplianceScriptWindows10/settings.json 
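Review bot: The description of `DetectionScriptContent` says "The script content in Base64.", but Set-TargetResource Base64-encodes the value itself and Get-TargetResource returns the decoded text, so a user who follows the schema and supplies Base64 would have it encoded twice and deploy a script that is not what they reviewed. The example configurations in this patch pass plain text (`"Write-Output `$true"`), which matches the code rather than the schema. I would change the description to `Description("The detection script content in plain text. The resource Base64-encodes it before sending it to Graph.")`. `Id` is also described as "Read-only." while declared `Write`; the wording should say it is optional and used for lookup.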
@@ -0,0 +1,16 @@ +{ + "resourceName": "IntuneDeviceComplianceScriptWindows10", + "description": "This resource configures an Intune Device Compliance Script for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/1-Create.ps1 new file mode 100644 index 0000000000..d0a5b0f13f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/1-Create.ps1 @@ -0,0 +1,40 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceComplianceScriptWindows10 'Example' + { + DisplayName = "custom"; + Ensure = "Present"; + EnforceSignatureCheck = $False; + Id = "00000000-0000-0000-0000-000000000000"; + RunAs32Bit = $True; + RunAsAccount = "system"; + DetectionScriptContent = "Write-Output `$true"; + Publisher = ""; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/2-Update.ps1 new file mode 100644 index 0000000000..a0f64d10a0 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/2-Update.ps1 
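Review bot: The `read` and `update` arrays are empty under both `delegated` and `application`, so the resource declares no Graph permissions even though the module in this patch issues GET, POST, PATCH and DELETE requests against `/beta/deviceManagement/deviceComplianceScripts`. Anyone granting consent from this file gets no least-privilege guidance and may fall back to broader grants than the resource needs. List the read scope under `read` and the write scope under `update`, presumably `{ "name": "DeviceManagementConfiguration.Read.All" }` and `{ "name": "DeviceManagementConfiguration.ReadWrite.All" }`; the exact scopes should be confirmed against the Graph documentation for this endpoint.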
@@ -0,0 +1,40 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceComplianceScriptWindows10 'Example' + { + DisplayName = "custom"; + Ensure = "Present"; + EnforceSignatureCheck = $False; + Id = "00000000-0000-0000-0000-000000000000"; + RunAs32Bit = $False; # Updated property + RunAsAccount = "system"; + DetectionScriptContent = "Write-Output `$true"; + Publisher = ""; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..3d3ac06708 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceComplianceScriptWindows10/3-Remove.ps1 @@ -0,0 +1,35 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceComplianceScriptWindows10 'Example' + { + DisplayName = "custom"; + Ensure = "Absent"; + Id = "00000000-0000-0000-0000-000000000000"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceComplianceScriptWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceComplianceScriptWindows10.Tests.ps1 new file mode 100644 index 0000000000..f47fb0d5dc --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceComplianceScriptWindows10.Tests.ps1 
@@ -0,0 +1,249 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneDeviceComplianceScriptWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Invoke-MgGraphRequest -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + + $allComplianceScripts = @{ + value = @( + @{ + Description = "FakeStringValue" + DisplayName = "DeviceComplianceScript" + EnforceSignatureCheck = $true + Id = "12345-12345-12345-12345-12345" + Publisher = "FakeStringValue" + RoleScopeTagIds = @("FakeStringValue") + RunAsAccount = "system" + RunAs32Bit = $true + DetectionScriptContent = "" + } + ) + } + + $specificComplianceScript = @{ + Description = "FakeStringValue" + DisplayName = "DeviceComplianceScript" 
+ EnforceSignatureCheck = $true + Id = "12345-12345-12345-12345-12345" + Publisher = "FakeStringValue" + RoleScopeTagIds = @("FakeStringValue") + RunAsAccount = "system" + RunAs32Bit = $true + DetectionScriptContent = "V3JpdGUtT3V0cHV0ICR0cnVl" + } + + $noComplianceScripts = @{ + value = @() + } + } + # Test contexts + Context -Name "The IntuneDeviceComplianceScriptWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "DeviceComplianceScript" + EnforceSignatureCheck = $True + Id = "12345-12345-12345-12345-12345" + Publisher = "FakeStringValue" + RoleScopeTagIds = @("FakeStringValue") + RunAs32Bit = $True + RunAsAccount = "system" + DetectionScriptContent = "Write-Output `$true" + Ensure = "Present" + Credential = $Credential + } + + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'GET' -and $Uri -eq '/beta/deviceManagement/deviceComplianceScripts' } -MockWith { + return $noComplianceScripts + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Create the Intune Device Compliance Script for Windows10 from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'POST' } -Exactly 1 + } + } + + Context -Name "The IntuneDeviceComplianceScriptWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "DeviceComplianceScript" + EnforceSignatureCheck = $True + Id = "12345-12345-12345-12345-12345" + Publisher = "FakeStringValue" + RoleScopeTagIds = @("FakeStringValue") + RunAs32Bit = $True + RunAsAccount = "system" + DetectionScriptContent = "Write-Output `$true" + Ensure = "Absent" + Credential = $Credential + } + + Mock 
-CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'GET' -and $Uri -eq '/beta/deviceManagement/deviceComplianceScripts' } -MockWith { + return $allComplianceScripts + } + + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'GET' -and $Uri -eq '/beta/deviceManagement/deviceComplianceScripts/12345-12345-12345-12345-12345' } -MockWith { + return $specificComplianceScript + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'DELETE' } -Exactly 1 + } + } + Context -Name "The IntuneDeviceComplianceScriptWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "DeviceComplianceScript" + EnforceSignatureCheck = $True + Id = "12345-12345-12345-12345-12345" + Publisher = "FakeStringValue" + RoleScopeTagIds = @("FakeStringValue") + RunAs32Bit = $True + RunAsAccount = "system" + DetectionScriptContent = "Write-Output `$true" + Ensure = "Present" + Credential = $Credential + } + + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'GET' -and $Uri -eq '/beta/deviceManagement/deviceComplianceScripts' } -MockWith { + return $allComplianceScripts + } + + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'GET' -and $Uri -eq '/beta/deviceManagement/deviceComplianceScripts/12345-12345-12345-12345-12345' } -MockWith { + return $specificComplianceScript + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneDeviceComplianceScriptWindows10 exists and values are NOT in the 
desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "DeviceComplianceScript" + EnforceSignatureCheck = $True + Id = "12345-12345-12345-12345-12345" + Publisher = "FakeStringValue" + RoleScopeTagIds = @("FakeStringValue") + RunAs32Bit = $False #Drift + RunAsAccount = "system" + DetectionScriptContent = "Write-Output `$false" #Drift + Ensure = "Present" + Credential = $Credential + } + + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'GET' -and $Uri -eq '/beta/deviceManagement/deviceComplianceScripts' } -MockWith { + return $allComplianceScripts + } + + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'GET' -and $Uri -eq '/beta/deviceManagement/deviceComplianceScripts/12345-12345-12345-12345-12345' } -MockWith { + return $specificComplianceScript + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'PATCH' } -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'GET' -and $Uri -eq '/beta/deviceManagement/deviceComplianceScripts' } -MockWith { + return $allComplianceScripts + } + + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Method -eq 'GET' -and $Uri -eq '/beta/deviceManagement/deviceComplianceScripts/12345-12345-12345-12345-12345' } -MockWith { + return $specificComplianceScript + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = 
Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 13db5a3cc5b2bcdf39348c3a0db5efb9cbfcd4d1 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 21 Feb 2025 09:33:55 -0500 Subject: [PATCH 06/26] EXODistributionGroup - Fixed the Ability to Set Members --- CHANGELOG.md | 7 ++++- .../MSFT_EXODistributionGroup.psm1 | 31 +++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59a80ebf3e..1b6983b55f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Change log for Microsoft365DSC -# 1.25.219.1 +# UNRELEASED + +* EXODistributionGroup + * Fixed the ability to set members. + +# 1.25.219.2 * AADAccessReviewPolicy * Missing AccessReview permission for Application Read access diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 index 60f3a497ab..e8b98f0f5d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 
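Review bot: In the "exists but it SHOULD NOT" context the test titled `It 'Should return true from the Test method'` asserts `Should -Be $false`, so the title contradicts the assertion; rename it to `'Should return false from the Test method'`. The list mocks are filtered on `$Uri -eq '/beta/deviceManagement/deviceComplianceScripts'`, while the fallback in Get-TargetResource requests that path with a `?$filter=displayName eq '...'` suffix, so the display-name lookup appears to be served only by the empty catch-all mock; matching the URI with `-like` would exercise it. A case with a `DisplayName` containing a single quote and a `DetectionScriptContent` containing a non-ASCII character would pin the escaping and encoding behaviour of the resource.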
@@ -708,8 +708,39 @@ function Set-TargetResource } $currentParameters.Remove('OrganizationalUnit') | Out-Null $currentParameters.Remove('Type') | Out-Null + + # Members + $membersDiff = Compare-Object -ReferenceObject $currentDistributionGroup.Members -DifferenceObject $Members + $membersToAdd = @() + $membersToRemove = @() + foreach ($difference in $membersDiff) + { + if ($difference.SideIndicator -eq '=>') + { + $membersToAdd += $difference.InputObject + } + elseif ($difference.SideIndicator -eq '<=') + { + $membersToRemove += $difference.InputObject + } + } + + foreach ($member in $membersToAdd) + { + Write-Verbose -Message "Adding member {$member}" + Add-DistributionGroupMember -Identity $Identity -Member $member -BypassSecurityGroupManagerCheck + } + foreach ($member in $membersToRemove) + { + Write-Verbose -Message "Removing member {$member}" + Remove-DistributionGroupMember -Identity $Identity ` + -Member $member ` + -BypassSecurityGroupManagerCheck ` + -Confirm:$false + } $currentParameters.Remove('Members') | Out-Null + if ($EmailAddresses.Length -gt 0) { $currentParameters.Remove('PrimarySmtpAddress') | Out-Null From 5b22284feb16f5e1bdc6f64a1c132431ab7905b3 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 21 Feb 2025 09:57:13 -0500 Subject: [PATCH 07/26] Update MSFT_EXODistributionGroup.psm1 --- .../MSFT_EXODistributionGroup.psm1 | 49 ++++++++++--------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 index e8b98f0f5d..645929946e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 
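Review bot: Both membership cmdlets in the added `foreach` loops are called with `-BypassSecurityGroupManagerCheck` unconditionally and without error handling, so a failed add or remove is, by default, only a non-terminating error and Set-TargetResource continues with the group partially updated. The switch lets a caller who is not an owner of the group change its membership; that is presumably what an automation identity needs, but it deserves a why-comment such as `# Bypass needed: the DSC identity is usually not in ManagedBy`. Adding `-ErrorAction Stop` to both calls would make a failed membership change fail the Set instead of leaving silent drift. The same calls reappear, re-indented, in the next patch (07/26); Set-TargetResource starts and ends outside the hunk.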
@@ -710,36 +710,39 @@ function Set-TargetResource $currentParameters.Remove('Type') | Out-Null # Members - $membersDiff = Compare-Object -ReferenceObject $currentDistributionGroup.Members -DifferenceObject $Members - $membersToAdd = @() - $membersToRemove = @() - foreach ($difference in $membersDiff) + if ($null -ne $Members) { - if ($difference.SideIndicator -eq '=>') + $membersDiff = Compare-Object -ReferenceObject $currentDistributionGroup.Members -DifferenceObject $Members + $membersToAdd = @() + $membersToRemove = @() + foreach ($difference in $membersDiff) { - $membersToAdd += $difference.InputObject + if ($difference.SideIndicator -eq '=>') + { + $membersToAdd += $difference.InputObject + } + elseif ($difference.SideIndicator -eq '<=') + { + $membersToRemove += $difference.InputObject + } } - elseif ($difference.SideIndicator -eq '<=') + + foreach ($member in $membersToAdd) { - $membersToRemove += $difference.InputObject + Write-Verbose -Message "Adding member {$member}" + Add-DistributionGroupMember -Identity $Identity -Member $member -BypassSecurityGroupManagerCheck } + foreach ($member in $membersToRemove) + { + Write-Verbose -Message "Removing member {$member}" + Remove-DistributionGroupMember -Identity $Identity ` + -Member $member ` + -BypassSecurityGroupManagerCheck ` + -Confirm:$false + } + $currentParameters.Remove('Members') | Out-Null } - foreach ($member in $membersToAdd) - { - Write-Verbose -Message "Adding member {$member}" - Add-DistributionGroupMember -Identity $Identity -Member $member -BypassSecurityGroupManagerCheck - } - foreach ($member in $membersToRemove) - { - Write-Verbose -Message "Removing member {$member}" - Remove-DistributionGroupMember -Identity $Identity ` - -Member $member ` - -BypassSecurityGroupManagerCheck ` - -Confirm:$false - } - $currentParameters.Remove('Members') | Out-Null - if ($EmailAddresses.Length -gt 0) { From 5d5dde7928861a9f734d3172aea4da6375dad5c9 Mon Sep 17 00:00:00 2001 
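Review bot: The new guard tests only `$Members`; `$currentDistributionGroup.Members` still goes to `Compare-Object -ReferenceObject` unchecked, and that parameter rejects `$null`, so a group whose current member list comes back null would fail here (how that property is populated is outside the hunk). Normalising it first avoids that: `$currentMembers = @($currentDistributionGroup.Members | Where-Object { $null -ne $_ })`, then pass `$currentMembers` as the reference. `$currentParameters.Remove('Members')` also moved inside the `if`, so if the key can be present with a null value it now stays in `$currentParameters` for whatever call consumes it later; removing it unconditionally after the block would keep the previous behaviour.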
From: Nik Charlebois Date: Fri, 21 Feb 2025 10:09:27 -0500 Subject: [PATCH 08/26] Update --- CHANGELOG.md | 2 ++ .../MSFT_EXOCalendarProcessing.psm1 | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b6983b55f..909fba1c7e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* EXOCalendarProcessing + * Changed the Get-TargetResource logic to return UPN instead of id. * EXODistributionGroup * Fixed the ability to set members. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/MSFT_EXOCalendarProcessing.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/MSFT_EXOCalendarProcessing.psm1 index 6fbd0b929d..96c78de7d2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/MSFT_EXOCalendarProcessing.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/MSFT_EXOCalendarProcessing.psm1 @@ -270,7 +270,7 @@ function Get-TargetResource } $result = @{ - Identity = $calendarProc.Identity + Identity = $Identity AddAdditionalResponse = $calendarProc.AddAdditionalResponse AdditionalResponse = $calendarProc.AdditionalResponse AddNewRequestsTentatively = $calendarProc.AddNewRequestsTentatively @@ -906,7 +906,7 @@ function Export-TargetResource $Global:M365DSCExportResourceInstancesCount++ } - Write-Host " |---[$i/$($mailboxes.Count)] $($mailbox.Identity.Split('-')[0])" -NoNewline + Write-Host " |---[$i/$($mailboxes.Count)] $($mailbox.UserPrincipalName)" -NoNewline $Params = @{ Identity = $mailbox.UserPrincipalName Credential = $Credential From b3e20ae02eda41002014360d9eef5b50f08c69b1 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 21 Feb 2025 11:45:33 -0500 Subject: [PATCH 09/26] Updates to SCPolicyConfig handling of default values --- CHANGELOG.md | 3 + .../MSFT_SCPolicyConfig.psm1 | 90 +++++++++++++++---- .../MSFT_SCPolicyConfig.schema.mof | 25 +++--- 3 files changed, 89 insertions(+), 29 deletions(-) 
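Review bot: `Identity = $Identity` makes Get-TargetResource echo whatever string the caller passed instead of a value read from `$calendarProc`, so the result is a UPN only when the caller supplied one, while the changelog entry says the function now returns the UPN. A comment on that line would record the intent, for example `# Echo the requested identity; Export-TargetResource passes the mailbox UserPrincipalName`. Get-TargetResource starts and ends outside the hunk.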
diff --git a/CHANGELOG.md b/CHANGELOG.md index 909fba1c7e..e3becd301a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ * Changed the Get-TargetResource logic to return UPN instead of id. * EXODistributionGroup * Fixed the ability to set members. +* SCPolicyConfig + * Handle default values in the Get-TargetResource function. + * Added support for the FileCopiedToCloudFullUrlEnabled property. # 1.25.219.2 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 index ddbfc85e45..5070fab045 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 @@ -61,6 +61,10 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $EvidenceStoreSettings, + [Parameter()] + [System.Boolean] + $FileCopiedToCloudFullUrlEnabled, + [Parameter()] [System.Boolean] $IncludePredefinedUnallowedBluetoothApps, 
@@ -177,19 +181,28 @@ function Get-TargetResource $DlpNetworkShareGroupsObject = ConvertFrom-Json $instance.DlpNetworkShareGroups # AdvancedClassificationEnabled - $AdvancedClassificationEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AdvancedClassificationEnabled' }).Value) + $AdvancedClassificationEnabledValue = $false # default value + $valueToParse =($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AdvancedClassificationEnabled' }).Value + if (-not [System.String]::IsNullOrEmpty($valueToParse)) + { + $AdvancedClassificationEnabledValue = [Boolean]::Parse($valueToParse) + } # BandwidthLimitEnabled - $toBeParsed = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'BandwidthLimitEnabled' }).Value - $parsedValue = $null - if ($null -ne $toBeParsed) + $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'BandwidthLimitEnabled' }).Value + $BandwidthLimitEnabledValue = $true #default value + if (-not [System.String]::IsNullOrEmpty($valueToParse)) { - $parsedValue = [Boolean]::Parse($toBeParsed) + $BandwidthLimitEnabledValue = [Boolean]::Parse($valueToParse) } - $BandwidthLimitEnabledValue = $parsedValue # DailyBandwidthLimitInMB - $DailyBandwidthLimitInMBValue = [UInt32]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'DailyBandwidthLimitInMB' }).Value + $DailyBandwidthLimitInMBValue = 1000 # default value + $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'DailyBandwidthLimitInMB' }).Value + if (-not [System.String]::IsNullOrEmpty($valueToParse)) + { + $DailyBandwidthLimitInMBValue = [UInt32]$valueToParse + } # PathExclusion $PathExclusionValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'PathExclusion' }).Value 
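Review bot: When a setting is missing from `$EndpointDlpGlobalSettingsValue`, the new blocks report a hard-coded literal (`$false`, `$true`, `1000`) as if it were the tenant's current state, so drift detection for these DLP settings now depends on those literals matching the service defaults, which nothing in the patch verifies. An `else` branch with `Write-Verbose -Message "AdvancedClassificationEnabled not returned; assuming default 'false'"`, plus a comment saying where each default comes from, would keep an assumed value distinguishable from a read one. `[Boolean]::Parse` and the `[UInt32]` cast still throw on an unexpected string, so one malformed entry aborts the whole Get. The same pattern repeats in the hunks at -198, -214, -267, -352 and -454 of this file; Get-TargetResource starts and ends outside the hunk.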
@@ -198,7 +211,12 @@ function Get-TargetResource $MacPathExclusionValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacPathExclusion' }).Value # MacDefaultPathExclusionsEnabled - $MacDefaultPathExclusionsEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacDefaultPathExclusionsEnabled' }).Value) + $MacDefaultPathExclusionsEnabledValue = $true # default value + $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacDefaultPathExclusionsEnabled' }).Value + if (-not [System.String]::IsNullOrEmpty($valueToParse)) + { + $MacDefaultPathExclusionsEnabledValue = [Boolean]::Parse($valueToParse) + } #EvidenceStoreSettings $entry = $EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'EvidenceStoreSettings' } @@ -214,7 +232,12 @@ function Get-TargetResource } # NetworkPathEnforcementEnabled - $NetworkPathEnforcementEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathEnforcementEnabled' }).Value) + $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathEnforcementEnabled' }).Value + $NetworkPathEnforcementEnabledValue = $false # default value + if (-not [System.String]::IsNullOrEmpty($valueToParse)) + { + $NetworkPathEnforcementEnabledValue = [Boolean]::Parse($valueToParse) + } # NetworkPathExclusion $NetworkPathExclusionValue = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathExclusion' }).Value 
@@ -267,13 +290,12 @@ function Get-TargetResource } # IncludePredefinedUnallowedBluetoothApps - $toBeParsed = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'IncludePredefinedUnallowedBluetoothApps' }).Value - $parsedValue = $null - if ($null -ne $toBeParsed) + $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'IncludePredefinedUnallowedBluetoothApps' }).Value + $IncludePredefinedUnallowedBluetoothAppsValue = $true # default value + if (-not [System.String]::IsNullOrEMpty($valueToParse)) { - $parsedValue = [Boolean]::Parse($toBeParsed) + $IncludePredefinedUnallowedBluetoothAppsValue = [Boolean]::Parse($valueToParse) } - $IncludePredefinedUnallowedBluetoothAppsValue = $parsedValue # UnallowedBluetoothApp $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'UnallowedBluetoothApp' }) @@ -352,10 +374,20 @@ function Get-TargetResource } # serverDlpEnabled - $serverDlpEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'serverDlpEnabled' }).Value) + $serverDlpEnabledValue = $false #default value + $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'serverDlpEnabled' }).Value + if (-not [System.String]::IsNullOrEmpty($valueToParse)) + { + $serverDlpEnabledValue = [Boolean]::Parse($valueToParse) + } # AuditFileActivity - $AuditFileActivityValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AuditFileActivity' }).Value) + $AuditFileActivityValue = $false # default value + $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AuditFileActivity' }).Value + if (-not [System.String]::IsNullOrEmpty($valueToParse)) + { + $AuditFileActivityValue = [Boolean]::Parse($valueToParse) + } # VPNSettings $entity = $EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'VPNSettings' } 
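Review bot: `[System.String]::IsNullOrEMpty` in the IncludePredefinedUnallowedBluetoothApps block is miscased; PowerShell resolves member names case-insensitively so it runs, but it should read `[System.String]::IsNullOrEmpty($valueToParse)` like the other blocks in this patch. This block used to report `$null` when the setting was absent and now reports `$true`, which is worth a one-line comment because it changes what Test-TargetResource compares against.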
@@ -454,10 +486,26 @@ function Get-TargetResource } } + #EnableLabelCoauthValue + $EnableLabelCoauthValue = $false # default value + if (-not [System.String]::IsNullOrEmpty($instance.EnableLabelCoauth)) + { + $EnableLabelCoauthValue = $instance.EnableLabelCoauth + } + + #FileCopiedToCloudFullUrlEnabledValue + $FileCopiedToCloudFullUrlEnabledValue = $false + $valueToParse = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'FileCopiedToCloudFullUrlEnabled' }).Value + if (-not [System.String]::IsNullOrEmpty($valueToParse)) + { + $FileCopiedToCloudFullUrlEnabledValue = [Boolean]::Parse($valueToParse) + } + $results = @{ IsSingleInstance = 'Yes' AdvancedClassificationEnabled = $AdvancedClassificationEnabledValue BandwidthLimitEnabled = $BandwidthLimitEnabledValue + FileCopiedToCloudFullUrlEnabled = $FileCopiedToCloudFullUrlEnabledValue DailyBandwidthLimitInMB = $DailyBandwidthLimitInMBValue PathExclusion = $PathExclusionValue MacPathExclusion = $MacPathExclusionValue @@ -482,7 +530,7 @@ function Get-TargetResource DLPRemovableMediaGroups = $DLPRemovableMediaGroupsValue DLPNetworkShareGroups = $DlpNetworkShareGroupsValue VPNSettings = $VPNSettingsValue - EnableLabelCoauth = $instance.EnableLabelCoauth + EnableLabelCoauth = $EnableLabelCoauthValue EnableSpoAipMigration = $instance.EnableSpoAipMigration QuarantineParameters = $QuarantineParametersValue Credential = $Credential @@ -569,6 +617,10 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $EvidenceStoreSettings, + [Parameter()] + [System.Boolean] + $FileCopiedToCloudFullUrlEnabled, + [Parameter()] [System.Boolean] $IncludePredefinedUnallowedBluetoothApps, @@ -1092,6 +1144,10 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $EvidenceStoreSettings, + [Parameter()] + [System.Boolean] + $FileCopiedToCloudFullUrlEnabled, + [Parameter()] [System.Boolean] $IncludePredefinedUnallowedBluetoothApps, 
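Review bot: The EnableLabelCoauth block assigns `$instance.EnableLabelCoauth` without converting it, unlike the other flags in this patch, which go through `[Boolean]::Parse`. The property's type is not visible here; if it arrives as a string, `'False'` is stored as a non-empty string and coerces to `$true` wherever it is later treated as a Boolean. `$EnableLabelCoauthValue = [System.Convert]::ToBoolean($instance.EnableLabelCoauth)` handles both a Boolean and a 'True'/'False' string. `EnableSpoAipMigration` in the results table of the following hunk is still passed through raw and without a default.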
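Review bot: `FileCopiedToCloudFullUrlEnabled` is added to the Set-TargetResource parameter block, but no hunk in this patch touches the body of Set-TargetResource. If that function builds the endpoint DLP settings payload one setting at a time (not visible here), the new property would be accepted and compared by Test-TargetResource yet never written, leaving the resource permanently out of the desired state. Worth confirming, and covering with a unit test that sets the property to `$true` and checks the outgoing request.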
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.schema.mof
index adbd968ecd..8395699df7 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.schema.mof
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.schema.mof
@@ -135,25 +135,26 @@ class MSFT_PolicyConfigQuarantineParameters class MSFT_SCPolicyConfig : OMI_BaseResource { [Key, Description("Accepted value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; - [Write, Description("TBD")] Boolean AdvancedClassificationEnabled; - [Write, Description("TBD")] Boolean AuditFileActivity; - [Write, Description("TBD")] Boolean BandwidthLimitEnabled; + [Write, Description("Default value is false.")] Boolean AdvancedClassificationEnabled; + [Write, Description("Default value is false.")] Boolean AuditFileActivity; + [Write, Description("Default value is true.")] Boolean BandwidthLimitEnabled; [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigBusinessJustificationList")] String BusinessJustificationList[]; - [Write, Description("TBD")] String CloudAppMode; + [Write, Description("Default value is Off.")] String CloudAppMode; [Write, Description("TBD")] String CloudAppRestrictionList[]; - [Write, Description("TBD")] UInt32 CustomBusinessJustificationNotification; - [Write, Description("TBD")] UInt32 DailyBandwidthLimitInMB; + [Write, Description("Default value is 0.")] UInt32 CustomBusinessJustificationNotification; + [Write, Description("Default value is 1000")] UInt32 DailyBandwidthLimitInMB; [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigDLPAppGroups")] String DLPAppGroups[]; [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigDLPNetworkShareGroups")] String DLPNetworkShareGroups[]; [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigDLPPrinterGroups")] String DLPPrinterGroups[]; [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigDLPRemovableMediaGroups")] String DLPRemovableMediaGroups[]; - [Write, Description("TBD")] Boolean IncludePredefinedUnallowedBluetoothApps; - [Write, Description("TBD")] Boolean MacDefaultPathExclusionsEnabled; + [Write, Description("Default value is true.")] Boolean IncludePredefinedUnallowedBluetoothApps; + [Write, 
Description("Default value is true.")] Boolean MacDefaultPathExclusionsEnabled; [Write, Description("TBD")] String MacPathExclusion[]; - [Write, Description("TBD")] Boolean NetworkPathEnforcementEnabled; + [Write, Description("Default value is false.")] Boolean NetworkPathEnforcementEnabled; [Write, Description("TBD")] String NetworkPathExclusion; [Write, Description("TBD")] String PathExclusion[]; - [Write, Description("TBD")] Boolean serverDlpEnabled; + [Write, Description("Default value is false")] Boolean serverDlpEnabled; + [Write, Description("Default value is false")] Boolean FileCopiedToCloudFullUrlEnabled; [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigEvidenceStoreSettings")] String EvidenceStoreSettings; [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigDLPSiteGroups")] String SiteGroups[]; [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigApp")] String UnallowedApp[]; 
@@ -162,8 +163,8 @@ class MSFT_SCPolicyConfig : OMI_BaseResource [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigApp")] String UnallowedBrowser[]; [Write, Description("TBD"), EmbeddedInstance("MSFT_PolicyConfigQuarantineParameters")] String QuarantineParameters; [Write, Description("TBD")] String VPNSettings[]; - [Write, Description("TBD")] Boolean EnableLabelCoauth; - [Write, Description("TBD")] Boolean EnableSpoAipMigration; + [Write, Description("The EnableLabelCoauth parameter enables or disables co-authoring support in Office desktop apps for the entire organization. Default value is false.")] Boolean EnableLabelCoauth; + [Write, Description("The EnableSpoAipMigration parameter enables or disables built-in labeling for supported Office files in SharePoint and OneDrive.")] Boolean EnableSpoAipMigration; [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; From 5e64ba445353d73ab47dbf3e5192cf614232d4ca Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 21 Feb 2025 13:36:37 -0500 Subject: [PATCH 10/26] Update Microsoft365DSC.SCPolicyConfig.Tests.ps1 --- .../Microsoft365DSC/Microsoft365DSC.SCPolicyConfig.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCPolicyConfig.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCPolicyConfig.Tests.ps1 index 2687529d3f..2dfac68bec 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCPolicyConfig.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCPolicyConfig.Tests.ps1 
@@ -81,7 +81,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { CloudAppMode = "Block"; CloudAppRestrictionList = @("contoso.net","contoso.com"); CustomBusinessJustificationNotification = 3; - DailyBandwidthLimitInMB = 0; + DailyBandwidthLimitInMB = 1000; DLPAppGroups = @( (New-CiMInstance -ClassName MSFT_PolicyConfigDLPAppGroups -Property @{ Name = 'Maracas' @@ -253,7 +253,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { CloudAppMode = "Block"; CloudAppRestrictionList = @("contoso.net","contoso.com"); CustomBusinessJustificationNotification = 3; - DailyBandwidthLimitInMB = 0; + DailyBandwidthLimitInMB = 1000; DLPAppGroups = @( (New-CiMInstance -ClassName MSFT_PolicyConfigDLPAppGroups -Property @{ Name = 'Maracas' From c65bd22a0e7f1b3cb9a8a208bb1de13ff1a7bb0b Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 21 Feb 2025 19:11:49 +0000 Subject: [PATCH 11/26] Updated Resources and Cmdlet documentation pages --- .../security-compliance/SCPolicyConfig.md | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/docs/docs/resources/security-compliance/SCPolicyConfig.md b/docs/docs/resources/security-compliance/SCPolicyConfig.md index 24d6efb596..e17172324d 100644 --- a/docs/docs/resources/security-compliance/SCPolicyConfig.md +++ b/docs/docs/resources/security-compliance/SCPolicyConfig.md 
@@ -5,25 +5,26 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **IsSingleInstance** | Key | String | Accepted value is 'Yes'. | `Yes` | -| **AdvancedClassificationEnabled** | Write | Boolean | TBD | | -| **AuditFileActivity** | Write | Boolean | TBD | | -| **BandwidthLimitEnabled** | Write | Boolean | TBD | | +| **AdvancedClassificationEnabled** | Write | Boolean | Default value is false. | | +| **AuditFileActivity** | Write | Boolean | Default value is false. | | +| **BandwidthLimitEnabled** | Write | Boolean | Default value is true. | | | **BusinessJustificationList** | Write | MSFT_PolicyConfigBusinessJustificationList[] | TBD | | -| **CloudAppMode** | Write | String | TBD | | +| **CloudAppMode** | Write | String | Default value is Off. | | | **CloudAppRestrictionList** | Write | StringArray[] | TBD | | -| **CustomBusinessJustificationNotification** | Write | UInt32 | TBD | | -| **DailyBandwidthLimitInMB** | Write | UInt32 | TBD | | +| **CustomBusinessJustificationNotification** | Write | UInt32 | Default value is 0. | | +| **DailyBandwidthLimitInMB** | Write | UInt32 | Default value is 1000 | | | **DLPAppGroups** | Write | MSFT_PolicyConfigDLPAppGroups[] | TBD | | | **DLPNetworkShareGroups** | Write | MSFT_PolicyConfigDLPNetworkShareGroups[] | TBD | | | **DLPPrinterGroups** | Write | MSFT_PolicyConfigDLPPrinterGroups[] | TBD | | | **DLPRemovableMediaGroups** | Write | MSFT_PolicyConfigDLPRemovableMediaGroups[] | TBD | | -| **IncludePredefinedUnallowedBluetoothApps** | Write | Boolean | TBD | | -| **MacDefaultPathExclusionsEnabled** | Write | Boolean | TBD | | +| **IncludePredefinedUnallowedBluetoothApps** | Write | Boolean | Default value is true. | | +| **MacDefaultPathExclusionsEnabled** | Write | Boolean | Default value is true. 
| | | **MacPathExclusion** | Write | StringArray[] | TBD | | -| **NetworkPathEnforcementEnabled** | Write | Boolean | TBD | | +| **NetworkPathEnforcementEnabled** | Write | Boolean | Default value is false. | | | **NetworkPathExclusion** | Write | String | TBD | | | **PathExclusion** | Write | StringArray[] | TBD | | -| **serverDlpEnabled** | Write | Boolean | TBD | | +| **serverDlpEnabled** | Write | Boolean | Default value is false | | +| **FileCopiedToCloudFullUrlEnabled** | Write | Boolean | Default value is false | | | **EvidenceStoreSettings** | Write | MSFT_PolicyConfigEvidenceStoreSettings | TBD | | | **SiteGroups** | Write | MSFT_PolicyConfigDLPSiteGroups[] | TBD | | | **UnallowedApp** | Write | MSFT_PolicyConfigApp[] | TBD | | @@ -32,8 +33,8 @@ | **UnallowedBrowser** | Write | MSFT_PolicyConfigApp[] | TBD | | | **QuarantineParameters** | Write | MSFT_PolicyConfigQuarantineParameters | TBD | | | **VPNSettings** | Write | StringArray[] | TBD | | -| **EnableLabelCoauth** | Write | Boolean | TBD | | -| **EnableSpoAipMigration** | Write | Boolean | TBD | | +| **EnableLabelCoauth** | Write | Boolean | The EnableLabelCoauth parameter enables or disables co-authoring support in Office desktop apps for the entire organization. Default value is false. | | +| **EnableSpoAipMigration** | Write | Boolean | The EnableSpoAipMigration parameter enables or disables built-in labeling for supported Office files in SharePoint and OneDrive. | | | **Credential** | Write | PSCredential | Credentials of the workload's Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | From ee80efef8a4f6f258bae1dfe9f58639b9a1d769f Mon Sep 17 00:00:00 2001 
From: NikCharlebois Date: Fri, 21 Feb 2025 19:14:34 +0000 Subject: [PATCH 12/26] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index a17501a2ee..fd1d050716 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -59618,6 +59618,11 @@ "Name": "serverDlpEnabled", "Option": "Write" }, + { + "CIMType": "Boolean", + "Name": "FileCopiedToCloudFullUrlEnabled", + "Option": "Write" + }, { "CIMType": "MSFT_PolicyConfigEvidenceStoreSettings", "Name": "EvidenceStoreSettings", From e279755538f045dfb2cb6c4d938cc1b3baf6b35c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 21 Feb 2025 14:55:45 -0500 Subject: [PATCH 13/26] AADApplication - Fix ReplyUrls Removal --- CHANGELOG.md | 3 +++ .../MSFT_AADApplication/MSFT_AADApplication.psm1 | 10 ++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e3becd301a..7d9b99cc87 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ # UNRELEASED +* AADAppplication + * Fixed an issue where specifying an empty ReplyURLs array would not remove + the existing entries. * EXOCalendarProcessing * Changed the Get-TargetResource logic to return UPN instead of id. * EXODistributionGroup diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index 922475a5a4..6e380c6f65 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 
@@ -799,19 +799,21 @@ function Set-TargetResource $currentParameters.Add('Api', $apiValue) } - if ($ReplyUrls -or $LogoutURL -or $Homepage) + if ($PSBoundParameters.ContainsKey('ReplyUrls') -or ` + $PSBoundParameters.ContainsKey('LogoutURL') -or ` + $PSBoundParameters.ContainsKey('Homepage')) { $webValue = @{} - if ($ReplyUrls) + if ($PSBoundParameters.ContainsKey('ReplyUrls')) { $webValue.Add('RedirectUris', $currentParameters.ReplyURLs) } - if ($LogoutURL) + if ($PSBoundParameters.ContainsKey('LogoutURL')) { $webValue.Add('LogoutUrl', $currentParameters.LogoutURL) } - if ($Homepage) + if ($PSBoundParameters.ContainsKey('Homepage')) { $webValue.Add('HomePageUrl', $currentParameters.Homepage) } From 94380c1f164eac52744000ebf3fda51df08682cf Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 24 Feb 2025 15:36:42 +0000 Subject: [PATCH 14/26] Updated Resources and Cmdlet documentation pages --- .../IntuneDeviceComplianceScriptWindows10.md | 181 ++++++++++++++++++ 1 file changed, 181 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneDeviceComplianceScriptWindows10.md diff --git a/docs/docs/resources/intune/IntuneDeviceComplianceScriptWindows10.md b/docs/docs/resources/intune/IntuneDeviceComplianceScriptWindows10.md new file mode 100644 index 0000000000..586a7aba08 --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceComplianceScriptWindows10.md 
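Review bot: The `ContainsKey` tests also let an empty `LogoutURL` or `Homepage` string through to `$webValue`, where the old truthiness tests sent only non-empty values; whether the endpoint accepts an empty string for those fields is not visible from the hunk, so mapping empty to `$null` is the safer form, e.g. `$webValue.Add('LogoutUrl', $(if ([System.String]::IsNullOrEmpty($currentParameters.LogoutURL)) { $null } else { $currentParameters.LogoutURL }))`. The switch away from truthiness deserves a why-comment, since it is what allows stale redirect URIs to be cleared: `# ContainsKey, not truthiness: an explicitly empty ReplyUrls must remove the registered redirect URIs`. A unit test that passes `ReplyURLs = @()` and asserts the empty `RedirectUris` in the update call would pin the fix. Set-TargetResource starts and ends outside the hunk.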
@@ -0,0 +1,181 @@ +# IntuneDeviceComplianceScriptWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Description** | Write | String | Optional description for the device compliance script. | | +| **DisplayName** | Key | String | Name of the device compliance script. | | +| **EnforceSignatureCheck** | Write | Boolean | Indicate whether the script signature needs be checked. | | +| **Publisher** | Write | String | Publisher of the script. | | +| **RoleScopeTagIds** | Write | StringArray[] | List of Scope Tag IDs for this PowerShellScript instance. | | +| **RunAs32Bit** | Write | Boolean | A value indicating whether the PowerShell script should run as 32-bit | | +| **RunAsAccount** | Write | String | Indicates the type of execution context. Possible values are: system, user. | `system`, `user` | +| **DetectionScriptContent** | Write | String | The script content in Base64. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. 
| | + + +## Description + +Intune Device Compliance Script for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceComplianceScriptWindows10 'Example' + { + DisplayName = "custom"; + Ensure = "Present"; + EnforceSignatureCheck = $False; + Id = "00000000-0000-0000-0000-000000000000"; + RunAs32Bit = $True; + RunAsAccount = "system"; + DetectionScriptContent = "Write-Output `$true"; + Publisher = ""; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. 
+ +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceComplianceScriptWindows10 'Example' + { + DisplayName = "custom"; + Ensure = "Present"; + EnforceSignatureCheck = $False; + Id = "00000000-0000-0000-0000-000000000000"; + RunAs32Bit = $False; # Updated property + RunAsAccount = "system"; + DetectionScriptContent = "Write-Output `$true"; + Publisher = ""; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceComplianceScriptWindows10 'Example' + { + DisplayName = "custom"; + Ensure = "Absent"; + Id = "00000000-0000-0000-0000-000000000000"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + From c5a1559c91a5e6528de1b9e7f496f738440356a0 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 24 Feb 2025 15:37:12 +0000 Subject: [PATCH 15/26] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/exchange/EXOReportSubmissionPolicy.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/docs/resources/exchange/EXOReportSubmissionPolicy.md b/docs/docs/resources/exchange/EXOReportSubmissionPolicy.md index 9e685a4f18..184334f86f 100644 
--- a/docs/docs/resources/exchange/EXOReportSubmissionPolicy.md +++ b/docs/docs/resources/exchange/EXOReportSubmissionPolicy.md @@ -29,6 +29,8 @@ | **ReportPhishAddresses** | Write | StringArray[] | The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook. | | | **ReportPhishToCustomizedAddress** | Write | Boolean | The ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. | | | **ThirdPartyReportAddresses** | Write | StringArray[] | Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you're using a third-party product for user submissions instead of reporting in Outlook. | | +| **ReportChatMessageEnabled** | Write | Boolean | TBD | | +| **ReportChatMessageToCustomizedAddressEnabled** | Write | Boolean | TBD | | | **Ensure** | Write | String | Specifies if this report submission policy should exist. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | From f08430d538600c690a86367bbdd551b3e25f6758 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 24 Feb 2025 15:39:03 +0000 Subject: [PATCH 16/26] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 90 +++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index fd1d050716..3e979c7990 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json 
@@ -29890,6 +29890,96 @@ } ] }, + { + "ClassName": "MSFT_IntuneDeviceComplianceScriptWindows10", + "Parameters": [ + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "Boolean", + "Name": "EnforceSignatureCheck", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Publisher", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "RoleScopeTagIds", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "RunAs32Bit", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RunAsAccount", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DetectionScriptContent", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_IntuneGroupPolicyDefinitionValueDefinition", "Parameters": [ From f30b2f7f03a0a75682b36e13473fbe8f7bb3968f Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 24 Feb 2025 15:40:28 +0000 Subject: [PATCH 17/26] Updated {Create} Intune Integration Tests --- .../M365DSCIntegration.INTUNE.Create.Tests.ps1 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) 
diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index c5a90dac87..54b17284a4 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -675,6 +675,20 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } + IntuneDeviceComplianceScriptWindows10 'Example' + { + DisplayName = "custom"; + Ensure = "Present"; + EnforceSignatureCheck = $False; + Id = "00000000-0000-0000-0000-000000000000"; + RunAs32Bit = $True; + RunAsAccount = "system"; + DetectionScriptContent = "Write-Output `$true"; + Publisher = ""; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' { Assignments = @( From 3fe3a28e0ab1bab67955cbe70385233e04bb9d66 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 24 Feb 2025 12:12:06 -0500 Subject: [PATCH 18/26] Various EXO fixes --- CHANGELOG.md | 11 +++++++++++ .../MSFT_EXOGroupSettings.psm1 | 1 + .../MSFT_EXOMailboxAutoReplyConfiguration.psm1 | 2 +- .../MSFT_EXOMailboxCalendarFolder.psm1 | 5 ++++- .../MSFT_EXOMailboxPermission.psm1 | 16 +++++----------- .../MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 | 9 ++++++--- .../MSFT_TeamsGroupPolicyAssignment.psm1 | 4 ++-- 7 files changed, 30 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8db571f9d4..03402c77db 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -9,6 +9,17 @@ * Changed the Get-TargetResource logic to return UPN instead of id. * EXODistributionGroup * Fixed the ability to set members. + +* EXOGroupSettings + * Removed Id from being evaluated in the Test-TargetResource function. +* EXOMailboxAutoReplyConfiguration + * Changed the Get-TargetResource logic to return UPN instead of Identity. +* EXOMailboxCalendarFolder + * Changed the Get-TargetResource logic to return UPN instead of id. +* EXOMailboxPermission + * Changed the Get-TargetResource logic to return UPN instead of id. +* EXOSweepRule + * Changed the Get-TargetResource logic to return UPN instead of id. * IntuneDeviceComplianceScriptWindows10 * Initial release. * Security & Compliance diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 index 429cb6a63a..d12f98096b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 @@ -920,6 +920,7 @@ function Test-TargetResource Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + $ValuesToCheck.Remove('Id') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAutoReplyConfiguration/MSFT_EXOMailboxAutoReplyConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAutoReplyConfiguration/MSFT_EXOMailboxAutoReplyConfiguration.psm1 index 78fd8ac80a..69606d60a4 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAutoReplyConfiguration/MSFT_EXOMailboxAutoReplyConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAutoReplyConfiguration/MSFT_EXOMailboxAutoReplyConfiguration.psm1 @@ -145,7 +145,7 @@ function Get-TargetResource { $ownerValue = Get-User -Identity $config.Identity $result = @{ - Identity = $config.Identity + Identity = $ownerValue.UserPrincipalName Owner = $ownerValue.UserPrincipalName AutoDeclineFutureRequestsWhenOOF = [Boolean]$config.AutoDeclineFutureRequestsWhenOOF AutoReplyState = $config.AutoReplyState diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 index 71ab06eb42..0ccd26ac22 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1 @@ -103,6 +103,9 @@ function Get-TargetResource try { + $IdentityParts = $Identity.Split(':') + $userInfo = Get-User -Identity $IdentityParts[0] + $IdentityValue = $userInfo.UserPrincipalName + ":" + $IdentityParts[1] $folder = Get-MailboxCalendarFolder -Identity $Identity -ErrorAction SilentlyContinue if ($null -eq $folder) @@ -111,7 +114,7 @@ function Get-TargetResource } $result = @{ - Identity = $folder.Identity + Identity = $IdentityValue DetailLevel = $folder.DetailLevel PublishDateRangeFrom = $folder.PublishDateRangeFrom PublishDateRangeTo = $folder.PublishDateRangeTo diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 index d7139ca10d..c8c05f0f9c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 
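Review bot: The new `Get-User` lookup in MSFT_EXOMailboxCalendarFolder's Get-TargetResource is used without checking its result. If the lookup returns nothing, or `$Identity` contains no `:`, `$IdentityValue` is built with an empty user or folder part and returned as the resource's `Identity`. A guard such as `$IdentityValue = if ($userInfo -and $IdentityParts.Count -ge 2) { $userInfo.UserPrincipalName + ':' + $IdentityParts[1] } else { $Identity }` keeps the caller-supplied value in that case. The same unchecked `Get-User` result feeds `Identity` in the MSFT_EXOMailboxPermission hunk, and `Mailbox`, `SourceFolder` and `DestinationFolder` in the MSFT_EXOSweepRule hunk. The function bodies continue outside these hunks, so error handling further down may already cover part of this.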
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 @@ -94,17 +94,9 @@ function Get-TargetResource Ensure = 'Absent' } - [Array]$permission = Get-MailboxPermission -Identity $Identity -ErrorAction Stop + [Array]$permissions = Get-MailboxPermission -Identity $Identity -ErrorAction Stop - if ($permission.Length -gt 1) - { - $permission = $permission | Where-Object -FilterScript { $_.User -eq $User -and (Compare-Object -ReferenceObject $_.AccessRights.Replace(' ', '').Split(',') -DifferenceObject $AccessRights).Count -eq 0 } - } - - if ($permission.Length -gt 1) - { - $permission = $permission[0] - } + $permission = $permissions | Where-Object -FilterScript { $_.User -eq $User -and (Compare-Object -ReferenceObject $_.AccessRights.Replace(' ', '').Split(',') -DifferenceObject $AccessRights).Count -eq 0 } if ($null -eq $permission) { @@ -117,8 +109,10 @@ function Get-TargetResource $permission = $Script:exportedInstance } + $userInfo = Get-User -Identity $permission.Identity + $result = @{ - Identity = $permission.Identity + Identity = $userInfo.UserPrincipalName AccessRights = [Array]$permission.AccessRights.Replace(' ', '').Split(',') InheritanceType = $permission.InheritanceType Owner = $permission.Owner diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 index d99960f4ed..d9644cb024 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1 
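Review bot: In MSFT_EXOMailboxPermission's Get-TargetResource the filtered `$permission` can now hold more than one entry, because the commit drops the `$permission = $permission[0]` reduction that used to follow the `Where-Object` filter. With two matching entries, `$permission.Identity` and `$permission.AccessRights` enumerate across both objects, and the new `Get-User -Identity $permission.Identity` call receives an array. Appending `| Select-Object -First 1` to the filter pipeline restores a single result. If entries can differ in a property the filter does not compare, that property probably belongs in the filter as well. The function starts and ends outside the hunk.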
@@ -106,16 +106,18 @@ function Get-TargetResource return $nullResult } + $userInfo = Get-User -Identity $instance.MailboxOwnerId + $results = @{ Name = $instance.Name Provider = $instance.Provider - DestinationFolder = $instance.MailboxOwnerId + ':\' + $instance.DestinationFolder + DestinationFolder = $userInfo.UserPrincipalName + ':\' + $instance.DestinationFolder Enabled = [Boolean]$instance.Enabled KeepForDays = $instance.KeepForDays KeepLatest = $instance.KeepLatest - Mailbox = $instance.MailboxOwnerId + Mailbox = $userInfo.UserPrincipalName SenderName = $instance.Sender.Split('"')[1] - SourceFolder = $instance.MailboxOwnerId + ':\' + $instance.SourceFolder + SourceFolder = $userInfo.UserPrincipalName + ':\' + $instance.SourceFolder SystemCategory = $instance.SystemCategory Ensure = 'Present' Credential = $Credential @@ -243,6 +245,7 @@ function Set-TargetResource Write-Verbose -Message 'Updating existing Sweep Rule.' $instance = Get-SweepRule -Mailbox $Mailbox | Where-Object -FilterScript { $_.Name -eq $Name } $SetParameters.Add('Identity', $instance.RuleId) + Write-Verbose -Message "Parameters:`r`n$(ConvertTo-Json $SetParameters -Depth 10)" Set-SweepRule @SetParameters } # REMOVE diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 index 6b9b5ef5ce..f7b60a050f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 
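Review bot: The added `Write-Verbose` line in MSFT_EXOSweepRule's Set-TargetResource prints `ConvertTo-Json $SetParameters -Depth 10`, which serializes the whole hashtable into the verbose stream. The same line is added for `$UpdateParameters` in the Set-TargetResource hunks of MSFT_AADAuthenticationMethodPolicyAuthenticator and MSFT_AADAuthenticationMethodPolicyFido2. In the Fido2 hunk `$UpdateParameters` is a clone of `$BoundParameters`; whether authentication values such as `AccessTokens`, `ApplicationSecret` or `CertificateThumbprint` are removed before these lines run is outside the hunks and needs confirming. Verbose output routinely ends up in DSC logs and pipeline transcripts, so logging key names only is safer: `Write-Verbose -Message "Parameters: $($SetParameters.Keys -join ', ')"`.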
@@ -121,7 +121,7 @@ function Get-TargetResource Write-Verbose -Message $Message return @{ GroupId = $Group.Id - GroupDisplayName = $Group.Displayname + GroupDisplayName = $Group.DisplayName PolicyType = $GroupPolicyAssignment.PolicyType PolicyName = $GroupPolicyAssignment.PolicyName Priority = $GroupPolicyAssignment.Priority @@ -443,7 +443,7 @@ function Export-TargetResource ManagedIdentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } - #$results = Get-TargetResource @getParams + #$results = Get-TargetResource @results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` From afb688a1ea392a8a6d4cdcf14f6cc3ab4a1c8514 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 24 Feb 2025 12:13:24 -0500 Subject: [PATCH 19/26] Update CHANGELOG.md --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03402c77db..2c0c9fcc04 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,6 @@ * Changed the Get-TargetResource logic to return UPN instead of id. * EXODistributionGroup * Fixed the ability to set members. - * EXOGroupSettings * Removed Id from being evaluated in the Test-TargetResource function. * EXOMailboxAutoReplyConfiguration From 5c1358beb5a5394843cb80992d52c6b9544f67f4 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 24 Feb 2025 12:56:04 -0500 Subject: [PATCH 20/26] Fixes Unit Tests --- .../Microsoft365DSC.EXOMailboxCalendarFolder.Tests.ps1 | 5 +++++ .../Microsoft365DSC.EXOMailboxPermission.Tests.ps1 | 8 +++++++- .../Microsoft365DSC.EXOSweepRule.Tests.ps1 | 10 ++++++++-- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarFolder.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarFolder.Tests.ps1 index f6ddb1cca8..4a146aa361 100644 
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarFolder.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxCalendarFolder.Tests.ps1 @@ -53,6 +53,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UserPrincipalName = "Bob.Houle@contoso.com" } } + Mock -CommandName Get-User -MockWith { + return @{ + UserPrincipalName = 'john.smith' + } + } } # Test contexts diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxPermission.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxPermission.Tests.ps1 index d9fc353ef8..564d85e3f7 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxPermission.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMailboxPermission.Tests.ps1 @@ -37,10 +37,16 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Remove-MailboxPermission -MockWith { } + Mock -CommandName Get-User -MockWith { + return @{ + UserPrincipalName = 'john.smith' + } + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } - $Script:exportedInstances =$null + $Script:exportedInstance =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOSweepRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOSweepRule.Tests.ps1 index 3dae0bc239..eb063aa83a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOSweepRule.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOSweepRule.Tests.ps1 @@ -50,6 +50,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Mock -CommandName Get-User -MockWith { + return @{ + UserPrincipalName = "Test2" + } + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } 
@@ -166,7 +172,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Context -Name "The instance exists and values are NOT in the desired state" -Fixture { - + BeforeAll { $testParams = @{ DestinationFolder = "Deleted Items"; @@ -194,7 +200,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } } - + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' From d0965fca686f377486adc03d958453be1c647289 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 24 Feb 2025 13:21:30 -0500 Subject: [PATCH 21/26] Various AAD Fixes --- CHANGELOG.md | 3 +++ .../MSFT_AADAuthenticationMethodPolicy.psm1 | 18 +++++++++--------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c0c9fcc04..e67a36514a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ * AADAppplication * Fixed an issue where specifying an empty ReplyURLs array would not remove the existing entries. +* AADAuthenticationMethodPolicy + * DEPRECATED - PolicyMigrationState property is now deprecated since it + cannot be set. * EXOCalendarProcessing * Changed the Get-TargetResource logic to return UPN instead of id. * EXODistributionGroup diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 index b5726ac698..91f7e261dc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 
@@ -246,19 +246,11 @@ function Get-TargetResource } #endregion - #region resource generator code - $enumPolicyMigrationState = $null - if ($null -ne $getValue.PolicyMigrationState) - { - $enumPolicyMigrationState = $getValue.PolicyMigrationState.ToString() - } - #endregion - $results = @{ #region resource generator code Description = $getValue.Description DisplayName = $getValue.DisplayName - PolicyMigrationState = $enumPolicyMigrationState + #PolicyMigrationState = $enumPolicyMigrationState #DEPRECATED - Cannot be set PolicyVersion = $getValue.PolicyVersion ReconfirmationInDays = $getValue.ReconfirmationInDays RegistrationEnforcement = $complexRegistrationEnforcement @@ -405,6 +397,13 @@ function Set-TargetResource $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } + + if (-not [System.String]::IsNullOrEmpty($PolicyMigrationState)) + { + Write-Verbose -Message "DEPRECATED - Property PolicyMigrationState cannot be set." + $UpdateParameters.Remove('PolicyMigrationState') | Out-Null + } + #region resource generator code $UpdateParameters.Add('@odata.type', '#microsoft.graph.AuthenticationMethodsPolicy') Write-Verbose -Message "Updating AuthenticationMethodPolicy with: `r`n$(Convert-M365DscHashtableToString -Hashtable $UpdateParameters)" @@ -534,6 +533,7 @@ function Test-TargetResource } $ValuesToCheck.remove('Id') | Out-Null + $ValuesToCheck.remove('PolicyMigrationState') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" From 627988df3cda054f66217bdd8077337562c8d85f Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 24 Feb 2025 18:25:03 +0000 Subject: [PATCH 22/26] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 10 ++++++++++ 1 file changed, 10 insertions(+) 
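Review bot: The deprecation of `PolicyMigrationState` in Set-TargetResource is announced only through `Write-Verbose`, so a configuration that still declares the property applies cleanly while the value is dropped, and Test-TargetResource no longer compares it. A warning is more likely to be seen by whoever owns the configuration: `Write-Warning -Message 'PolicyMigrationState is deprecated and is ignored.'`. In Get-TargetResource the commented-out entry `#PolicyMigrationState = $enumPolicyMigrationState` refers to a variable the same hunk deletes; a plain comment saying the property is intentionally not returned would read better. All three functions extend beyond their hunks.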
diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 3e979c7990..a50c93400b 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -21403,6 +21403,16 @@ "Name": "ThirdPartyReportAddresses", "Option": "Write" }, + { + "CIMType": "Boolean", + "Name": "ReportChatMessageEnabled", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ReportChatMessageToCustomizedAddressEnabled", + "Option": "Write" + }, { "CIMType": "String", "Name": "Ensure", From d85b7936cb250bd04926ac6dafa731af8491d55c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 24 Feb 2025 15:22:11 -0500 Subject: [PATCH 23/26] AAD Fixes --- CHANGELOG.md | 3 +++ .../MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 | 1 + .../MSFT_AADAuthenticationMethodPolicyFido2.psm1 | 4 +--- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e67a36514a..2d83b63653 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ the existing entries. * AADAuthenticationMethodPolicy * DEPRECATED - PolicyMigrationState property is now deprecated since it +* AADAuthenticationMethodPolicyFido2 + * Fixed issue where the Set-TargetResource was throwing an internal server + error. cannot be set. * EXOCalendarProcessing * Changed the Get-TargetResource logic to return UPN instead of id. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 index 2aa573fcff..16506f6633 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 @@ -690,6 +690,7 @@ function Set-TargetResource } } #region resource generator code + Write-Verbose -Message "Parameters:`r`n$(ConvertTo-Json $UpdateParameters -Depth 10)" $UpdateParameters.Add('@odata.type', '#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration') Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration ` -AuthenticationMethodConfigurationId $currentInstance.Id ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.psm1 index 16563ea3c1..66e656bb0f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.psm1 @@ -341,8 +341,6 @@ function Set-TargetResource $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters - $UpdateParameters.Remove('Id') | Out-Null - $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { @@ -378,7 +376,7 @@ function Set-TargetResource } } #region resource generator code - $UpdateParameters.Add('@odata.type', '#microsoft.graph.fido2AuthenticationMethodConfiguration') + Write-Verbose -Message "Parameters:`r`n$(ConvertTo-Json $UpdateParameters -Depth 10)" Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration ` -AuthenticationMethodConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters From 1e08444211b54bcdb1bd055f5ae8832f52de43b7 Mon Sep 17 00:00:00 2001 
From: Nik Charlebois Date: Tue, 25 Feb 2025 15:10:46 -0500 Subject: [PATCH 24/26] Updated Dependencies --- CHANGELOG.md | 5 ++ .../Dependencies/Manifest.psd1 | 48 +++++++++---------- 2 files changed, 29 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d83b63653..85a4052036 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,6 +33,11 @@ * SCPolicyConfig * Handle default values in the Get-TargetResource function. * Added support for the FileCopiedToCloudFullUrlEnabled property. +* DEPENDENCIES + * Updated ExchangeOnlineManagement to version 3.7.1. + * Updated Microsoft.Graph to version 2.26.1. + * Updated MSCloudLoginAssistant to version1 1.1.38. + # 1.25.219.2 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 10e2ddc694..0dd54062c9 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 
@@ -22,95 +22,95 @@ }, @{ ModuleName = 'ExchangeOnlineManagement' - RequiredVersion = '3.4.0' + RequiredVersion = '3.7.1' }, @{ ModuleName = 'Microsoft.Graph.Applications' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Applications' - Requiredversion = '2.25.0' + Requiredversion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Authentication' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Devices.CorporateManagement' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement.Administration' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement.Enrollment' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.NetworkAccess' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.DirectoryManagement' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.Governance' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.SignIns' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Reports' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Search' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Teams' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.DeviceManagement.Administration' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DirectoryObjects' - RequiredVersion = '2.25.0' + RequiredVersion = 
'2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Groups' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Groups' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Planner' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Sites' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Users' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'Microsoft.Graph.Users.Actions' - RequiredVersion = '2.25.0' + RequiredVersion = '2.26.1' }, @{ ModuleName = 'MicrosoftTeams' @@ -118,7 +118,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.37" + RequiredVersion = "1.1.38" }, @{ ModuleName = 'PnP.PowerShell' From b1329fd1c89d20157bd1886a109c4cf7725b35b4 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 25 Feb 2025 20:21:05 -0500 Subject: [PATCH 25/26] Fixes for caching --- CHANGELOG.md | 8 ++++++-- .../MSFT_AADConditionalAccessPolicy.psm1 | 3 ++- .../MSFT_M365DSCRuleEvaluation.psm1 | 1 + 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 85a4052036..d49b68c7e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ # UNRELEASED -* AADAppplication +* AADApplication * Fixed an issue where specifying an empty ReplyURLs array would not remove the existing entries. * AADAuthenticationMethodPolicy @@ -10,7 +10,9 @@ * AADAuthenticationMethodPolicyFido2 * Fixed issue where the Set-TargetResource was throwing an internal server error. - cannot be set. +* AADConditionalAccessPolicy + * Added check to ensure the cached policy (export) is the current policy when + evaluating in the Get-TargetResource function. * EXOCalendarProcessing * Changed the Get-TargetResource logic to return UPN instead of id. * EXODistributionGroup 
@@ -27,6 +29,8 @@ * Changed the Get-TargetResource logic to return UPN instead of id. * IntuneDeviceComplianceScriptWindows10 * Initial release. +* M365DSCRuleEvaluation + * Clear the cached instances from the export operation after evaluating the rules. * Security & Compliance * Updated export functions to remove skipping of loading module, to prevent missing cmdlet errors that are causing failing exports. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index d671945b29..ac464cdf98 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -263,7 +263,7 @@ function Get-TargetResource $AccessTokens ) - if (-not $Script:exportedInstance) + if (-not $Script:exportedInstance -or $Script:exportedInstance.DisplayName -ne $DisplayName) { Write-Verbose -Message 'Getting configuration of AzureAD Conditional Access Policy' $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` @@ -319,6 +319,7 @@ function Get-TargetResource } else { + Write-Verbose -Message "Using cached policy {$($Script:exportedInstance.DisplayName)}" $Policy = $Script:exportedInstance } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 index 772fa36435..ba8359f284 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 
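Review bot: The cache check added to Get-TargetResource in MSFT_AADConditionalAccessPolicy keys the cached export only on `DisplayName`, so two policies sharing a display name would still be treated as the same instance. If the resource also receives the policy's `Id` (the parameter block is outside the hunk), comparing it when supplied narrows the match, for example by appending `-or ($Id -and $Script:exportedInstance.Id -ne $Id)` to the condition. Returning the wrong policy's state here would make a drifted Conditional Access policy look compliant.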
@@ -380,6 +380,7 @@ function Test-TargetResource Write-Verbose -Message "Test-TargetResource returned $result" + $Script:exportedInstance = $null return $result } } From 46db79bd256ca5de5dab217e89187c8ff287b098 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 25 Feb 2025 20:24:20 -0500 Subject: [PATCH 26/26] Release 1.25.219.3 --- CHANGELOG.md | 3 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 89 +++++++++----------- 2 files changed, 39 insertions(+), 53 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d49b68c7e5..bd20e5600c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.25.219.3 * AADApplication * Fixed an issue where specifying an empty ReplyURLs array would not remove @@ -42,7 +42,6 @@ * Updated Microsoft.Graph to version 2.26.1. * Updated MSCloudLoginAssistant to version1 1.1.38. - # 1.25.219.2 * AADAccessReviewPolicy diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index bc259badee..65e27b3375 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2025-02-20 +# Generated on: 2025-02-25 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.25.219.2' + ModuleVersion = '1.25.219.3' # Supported PSEditions # CompatiblePSEditions = @() 
@@ -149,58 +149,45 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADAccessReviewPolicy - * Missing AccessReview permission for Application Read access - FIXES [#5796](https://github.com/microsoft/Microsoft365DSC/issues/5796) -* AADApplication - * Test-TargetResource logic updated to skip evaluating CIMArrays that are empty - when passed as desired values. -* AADDeviceRegistrationPolicy - * Fixed an issue where the AzureADJoinIsAdminConfigurable was not returned by the - Get-TargetResource function. - * Fix issue setting Selected Users and Groups for Entra Join. - FIXES [#5798](https://github.com/microsoft/Microsoft365DSC/issues/5798) -* AADGroup - * Returns an empty array for roles and licenses from the Get-TargetResource - function instead of null when no instances are found. -* AADRoleEligibilityScheduleRequest - * Reduce call count when reconciling object type - FIXES [#5621](https://github.com/microsoft/Microsoft365DSC/issues/5621) -* AADServicePrincipal - * Evaluating assigned users based on UPN and not just on DisplayName. - * FIXES [#5359](https://github.com/microsoft/Microsoft365DSC/issues/5359) AADServicePrincipal fails on Managed Identities when DelegatedPermissions returns 500 response -* ADOSecurityPolicy - * Fixes an issue where the resource threw an error trying to parse the default - values. + ReleaseNotes = '* AADApplication + * Fixed an issue where specifying an empty ReplyURLs array would not remove + the existing entries. +* AADAuthenticationMethodPolicy + * DEPRECATED - PolicyMigrationState property is now deprecated since it +* AADAuthenticationMethodPolicyFido2 + * Fixed issue where the Set-TargetResource was throwing an internal server + error. +* AADConditionalAccessPolicy + * Added check to ensure the cached policy (export) is the current policy when + evaluating in the Get-TargetResource function. 
+* EXOCalendarProcessing + * Changed the Get-TargetResource logic to return UPN instead of id. * EXODistributionGroup - * Changed logic to retrieve existing members by UserPrincipalName. -* EXORoleGroup - * Evaluating assigned users based on UPN and not just on DisplayName if they - have an associated mailbox. -* IntuneDeviceManagementEnrollmentAndroidGooglePlay - * Marked the Id property as mandatory in the resource. + * Fixed the ability to set members. +* EXOGroupSettings + * Removed Id from being evaluated in the Test-TargetResource function. +* EXOMailboxAutoReplyConfiguration + * Changed the Get-TargetResource logic to return UPN instead of Identity. +* EXOMailboxCalendarFolder + * Changed the Get-TargetResource logic to return UPN instead of id. +* EXOMailboxPermission + * Changed the Get-TargetResource logic to return UPN instead of id. +* EXOSweepRule + * Changed the Get-TargetResource logic to return UPN instead of id. +* IntuneDeviceComplianceScriptWindows10 + * Initial release. * M365DSCRuleEvaluation - * Added support for specifying a Filter property. -* M365DSCUtil - * Add M365DSC prefix to `Remove-EmptyValue`. - * Fixes an issue with `Credential` property being escaped and indentation. - * Adds the possibility to allow variables in strings and no authentication - results update during conversion to final export. - FIXES [#3861](https://github.com/microsoft/Microsoft365DSC/issues/3861) -* SCInsiderRiskPolicy - * Enforces the MDATPTriageStatus to be a string array. -* SCSensitivityLabel - * Fixes invalid accepted content type values. -* TeamsAppPermissionPolicy - * Updated correct Typecasting for AppPresetMeeting and PinnedMessagebarApps - before adding them to the policy -* TeamsAppSetupPolicy - * FIXES [[#5752](https://github.com/microsoft/Microsoft365DSC/issues/5752) -* TeamsM365App - * Remove `Ensure` property from being exported. 
- FIXES [#5781](https://github.com/microsoft/Microsoft365DSC/issues/5781) + * Clear the cached instances from the export operation after evaluating the rules. +* Security & Compliance + * Updated export functions to remove skipping of loading module, to prevent + missing cmdlet errors that are causing failing exports. +* SCPolicyConfig + * Handle default values in the Get-TargetResource function. + * Added support for the FileCopiedToCloudFullUrlEnabled property. * DEPENDENCIES - * Updated ReverseDSC to version 2.0.0.27' + * Updated ExchangeOnlineManagement to version 3.7.1. + * Updated Microsoft.Graph to version 2.26.1. + * Updated MSCloudLoginAssistant to version1 1.1.38.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false