Release 1.25.219.3

CHANGELOG.md

@@ -1,6 +1,48 @@
 # Change log for Microsoft365DSC
 
-# 1.25.219.1
+# 1.25.219.3
+
+* AADApplication
+  * Fixed an issue where specifying an empty ReplyURLs array would not remove
+    the existing entries.
+* AADAuthenticationMethodPolicy
+  * DEPRECATED - PolicyMigrationState property is now deprecated since it
+* AADAuthenticationMethodPolicyFido2
+  * Fixed issue where the Set-TargetResource was throwing an internal server
+    error.
+* AADConditionalAccessPolicy
+  * Added check to ensure the cached policy (export) is the current policy when
+    evaluating in the Get-TargetResource function.
+* EXOCalendarProcessing
+  * Changed the Get-TargetResource logic to return UPN instead of id.
+* EXODistributionGroup
+  * Fixed the ability to set members.
+* EXOGroupSettings
+  * Removed Id from being evaluated in the Test-TargetResource function.
+* EXOMailboxAutoReplyConfiguration
+  * Changed the Get-TargetResource logic to return UPN instead of Identity.
+* EXOMailboxCalendarFolder
+  * Changed the Get-TargetResource logic to return UPN instead of id.
+* EXOMailboxPermission
+  * Changed the Get-TargetResource logic to return UPN instead of id.
+* EXOSweepRule
+  * Changed the Get-TargetResource logic to return UPN instead of id.
+* IntuneDeviceComplianceScriptWindows10
+  * Initial release.
+* M365DSCRuleEvaluation
+  * Clear the cached instances from the export operation after evaluating the rules.
+* Security & Compliance
+  * Updated export functions to remove skipping of loading module, to prevent
+    missing cmdlet errors that are causing failing exports.
+* SCPolicyConfig
+  * Handle default values in the Get-TargetResource function.
+  * Added support for the FileCopiedToCloudFullUrlEnabled property.
+* DEPENDENCIES
+  * Updated ExchangeOnlineManagement to version 3.7.1.
+  * Updated Microsoft.Graph to version 2.26.1.
+  * Updated MSCloudLoginAssistant to version1 1.1.38.
+
+# 1.25.219.2
 
 * AADAccessReviewPolicy
   * Missing AccessReview permission for Application Read access
@@ -29,6 +71,8 @@
     values.
 * EXODistributionGroup
   * Changed logic to retrieve existing members by UserPrincipalName.
+* EXOReportSubmissionPolicy
+  * Add ReportChatMessageEnabled, ReportChatMessageToCustomizedAddressEnabled
 * EXORoleGroup
   * Evaluating assigned users based on UPN and not just on DisplayName if they
     have an associated mailbox.

Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1

@@ -799,19 +799,21 @@ function Set-TargetResource
         $currentParameters.Add('Api', $apiValue)
     }
 
-    if ($ReplyUrls -or $LogoutURL -or $Homepage)
+    if ($PSBoundParameters.ContainsKey('ReplyUrls') -or `
+        $PSBoundParameters.ContainsKey('LogoutURL') -or `
+        $PSBoundParameters.ContainsKey('Homepage'))
     {
         $webValue = @{}
 
-        if ($ReplyUrls)
+        if ($PSBoundParameters.ContainsKey('ReplyUrls'))
         {
             $webValue.Add('RedirectUris', $currentParameters.ReplyURLs)
         }
-        if ($LogoutURL)
+        if ($PSBoundParameters.ContainsKey('LogoutURL'))
         {
             $webValue.Add('LogoutUrl', $currentParameters.LogoutURL)
         }
-        if ($Homepage)
+        if ($PSBoundParameters.ContainsKey('Homepage'))
         {
             $webValue.Add('HomePageUrl', $currentParameters.Homepage)
         }

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1

@@ -246,19 +246,11 @@ function Get-TargetResource
         }
         #endregion
 
-        #region resource generator code
-        $enumPolicyMigrationState = $null
-        if ($null -ne $getValue.PolicyMigrationState)
-        {
-            $enumPolicyMigrationState = $getValue.PolicyMigrationState.ToString()
-        }
-        #endregion
-
         $results = @{
             #region resource generator code
             Description                      = $getValue.Description
             DisplayName                      = $getValue.DisplayName
-            PolicyMigrationState             = $enumPolicyMigrationState
+            #PolicyMigrationState             = $enumPolicyMigrationState #DEPRECATED - Cannot be set
             PolicyVersion                    = $getValue.PolicyVersion
             ReconfirmationInDays             = $getValue.ReconfirmationInDays
             RegistrationEnforcement          = $complexRegistrationEnforcement
@@ -405,6 +397,13 @@ function Set-TargetResource
                 $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key
             }
         }
+
+        if (-not [System.String]::IsNullOrEmpty($PolicyMigrationState))
+        {
+            Write-Verbose -Message "DEPRECATED - Property PolicyMigrationState cannot be set."
+            $UpdateParameters.Remove('PolicyMigrationState') | Out-Null
+        }
+
         #region resource generator code
         $UpdateParameters.Add('@odata.type', '#microsoft.graph.AuthenticationMethodsPolicy')
         Write-Verbose -Message "Updating AuthenticationMethodPolicy with: `r`n$(Convert-M365DscHashtableToString -Hashtable $UpdateParameters)"
@@ -534,6 +533,7 @@ function Test-TargetResource
     }
 
     $ValuesToCheck.remove('Id') | Out-Null
+    $ValuesToCheck.remove('PolicyMigrationState') | Out-Null
 
     Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1

@@ -690,6 +690,7 @@ function Set-TargetResource
             }
         }
         #region resource generator code
+        Write-Verbose -Message "Parameters:`r`n$(ConvertTo-Json $UpdateParameters -Depth 10)"
         $UpdateParameters.Add('@odata.type', '#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration')
         Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration  `
             -AuthenticationMethodConfigurationId $currentInstance.Id `

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.psm1

@@ -341,8 +341,6 @@ function Set-TargetResource
         $UpdateParameters = ([Hashtable]$BoundParameters).clone()
         $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters
 
-        $UpdateParameters.Remove('Id') | Out-Null
-
         $keys = (([Hashtable]$UpdateParameters).clone()).Keys
         foreach ($key in $keys)
         {
@@ -378,7 +376,7 @@ function Set-TargetResource
             }
         }
         #region resource generator code
-        $UpdateParameters.Add('@odata.type', '#microsoft.graph.fido2AuthenticationMethodConfiguration')
+        Write-Verbose -Message "Parameters:`r`n$(ConvertTo-Json $UpdateParameters -Depth 10)"
         Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration  `
             -AuthenticationMethodConfigurationId $currentInstance.Id `
             -BodyParameter $UpdateParameters

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1

@@ -263,7 +263,7 @@ function Get-TargetResource
         $AccessTokens
     )
 
-    if (-not $Script:exportedInstance)
+    if (-not $Script:exportedInstance -or $Script:exportedInstance.DisplayName -ne $DisplayName)
     {
         Write-Verbose -Message 'Getting configuration of AzureAD Conditional Access Policy'
         $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
@@ -319,6 +319,7 @@ function Get-TargetResource
     }
     else
     {
+        Write-Verbose -Message "Using cached policy {$($Script:exportedInstance.DisplayName)}"
         $Policy = $Script:exportedInstance
     }
 

Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/MSFT_EXOCalendarProcessing.psm1

@@ -270,7 +270,7 @@ function Get-TargetResource
         }
 
         $result = @{
-            Identity                             = $calendarProc.Identity
+            Identity                             = $Identity
             AddAdditionalResponse                = $calendarProc.AddAdditionalResponse
             AdditionalResponse                   = $calendarProc.AdditionalResponse
             AddNewRequestsTentatively            = $calendarProc.AddNewRequestsTentatively
@@ -906,7 +906,7 @@ function Export-TargetResource
                 $Global:M365DSCExportResourceInstancesCount++
             }
 
-            Write-Host "    |---[$i/$($mailboxes.Count)] $($mailbox.Identity.Split('-')[0])" -NoNewline
+            Write-Host "    |---[$i/$($mailboxes.Count)] $($mailbox.UserPrincipalName)" -NoNewline
             $Params = @{
                 Identity              = $mailbox.UserPrincipalName
                 Credential            = $Credential

Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1

@@ -708,7 +708,41 @@ function Set-TargetResource
         }
         $currentParameters.Remove('OrganizationalUnit') | Out-Null
         $currentParameters.Remove('Type') | Out-Null
-        $currentParameters.Remove('Members') | Out-Null
+
+        # Members
+        if ($null -ne $Members)
+        {
+            $membersDiff = Compare-Object -ReferenceObject $currentDistributionGroup.Members -DifferenceObject $Members
+            $membersToAdd = @()
+            $membersToRemove = @()
+            foreach ($difference in $membersDiff)
+            {
+                if ($difference.SideIndicator -eq '=>')
+                {
+                    $membersToAdd += $difference.InputObject
+                }
+                elseif ($difference.SideIndicator -eq '<=')
+                {
+                    $membersToRemove += $difference.InputObject
+                }
+            }
+
+            foreach ($member in $membersToAdd)
+            {
+                Write-Verbose -Message "Adding member {$member}"
+                Add-DistributionGroupMember -Identity $Identity -Member $member -BypassSecurityGroupManagerCheck
+            }
+            foreach ($member in $membersToRemove)
+            {
+                Write-Verbose -Message "Removing member {$member}"
+                Remove-DistributionGroupMember -Identity $Identity `
+                                            -Member $member `
+                                            -BypassSecurityGroupManagerCheck `
+                                            -Confirm:$false
+            }
+            $currentParameters.Remove('Members') | Out-Null
+        }
+
 
         if ($EmailAddresses.Length -gt 0)
         {

Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1

@@ -920,6 +920,7 @@ function Test-TargetResource
     Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"
     $ValuesToCheck = $PSBoundParameters
+    $ValuesToCheck.Remove('Id') | Out-Null
     $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
         -Source $($MyInvocation.MyCommand.Source) `
         -DesiredValues $PSBoundParameters `

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAutoReplyConfiguration/MSFT_EXOMailboxAutoReplyConfiguration.psm1

@@ -145,7 +145,7 @@ function Get-TargetResource
         {
             $ownerValue = Get-User -Identity $config.Identity
             $result = @{
-                Identity                         = $config.Identity
+                Identity                         = $ownerValue.UserPrincipalName
                 Owner                            = $ownerValue.UserPrincipalName
                 AutoDeclineFutureRequestsWhenOOF = [Boolean]$config.AutoDeclineFutureRequestsWhenOOF
                 AutoReplyState                   = $config.AutoReplyState

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1

@@ -103,6 +103,9 @@ function Get-TargetResource
 
     try
     {
+        $IdentityParts = $Identity.Split(':')
+        $userInfo = Get-User -Identity $IdentityParts[0]
+        $IdentityValue = $userInfo.UserPrincipalName + ":" + $IdentityParts[1]
         $folder = Get-MailboxCalendarFolder -Identity $Identity -ErrorAction SilentlyContinue
 
         if ($null -eq $folder)
@@ -111,7 +114,7 @@ function Get-TargetResource
         }
 
         $result = @{
-            Identity                    = $folder.Identity
+            Identity                    = $IdentityValue
             DetailLevel                 = $folder.DetailLevel
             PublishDateRangeFrom        = $folder.PublishDateRangeFrom
             PublishDateRangeTo          = $folder.PublishDateRangeTo

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1

@@ -94,17 +94,9 @@ function Get-TargetResource
                 Ensure   = 'Absent'
             }
 
-            [Array]$permission = Get-MailboxPermission -Identity $Identity -ErrorAction Stop
+            [Array]$permissions = Get-MailboxPermission -Identity $Identity -ErrorAction Stop
 
-            if ($permission.Length -gt 1)
-            {
-                $permission = $permission | Where-Object -FilterScript { $_.User -eq $User -and (Compare-Object -ReferenceObject $_.AccessRights.Replace(' ', '').Split(',') -DifferenceObject $AccessRights).Count -eq 0 }
-            }
-
-            if ($permission.Length -gt 1)
-            {
-                $permission = $permission[0]
-            }
+            $permission = $permissions | Where-Object -FilterScript { $_.User -eq $User -and (Compare-Object -ReferenceObject $_.AccessRights.Replace(' ', '').Split(',') -DifferenceObject $AccessRights).Count -eq 0 }
 
             if ($null -eq $permission)
             {
@@ -117,8 +109,10 @@ function Get-TargetResource
             $permission = $Script:exportedInstance
         }
 
+        $userInfo = Get-User -Identity $permission.Identity
+
         $result = @{
-            Identity              = $permission.Identity
+            Identity              = $userInfo.UserPrincipalName
             AccessRights          = [Array]$permission.AccessRights.Replace(' ', '').Split(',')
             InheritanceType       = $permission.InheritanceType
             Owner                 = $permission.Owner

Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.psm1

@@ -105,6 +105,14 @@ function Get-TargetResource
         [System.String[]]
         $ThirdPartyReportAddresses = @(),
 
+        [Parameter()]
+        [System.Boolean]
+        $ReportChatMessageEnabled,
+
+        [Parameter()]
+        [System.Boolean]
+        $ReportChatMessageToCustomizedAddressEnabled,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
@@ -209,6 +217,8 @@ function Get-TargetResource
                 ReportPhishAddresses             = $ReportSubmissionPolicy.ReportPhishAddresses
                 ReportPhishToCustomizedAddress   = $ReportSubmissionPolicy.ReportPhishToCustomizedAddress
                 ThirdPartyReportAddresses        = $ReportSubmissionPolicy.ThirdPartyReportAddresses
+                ReportChatMessageEnabled         = $ReportSubmissionPolicy.ReportChatMessageEnabled
+                ReportChatMessageToCustomizedAddressEnabled = $ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled
                 Credential                       = $Credential
                 Ensure                           = 'Present'
                 ApplicationId                    = $ApplicationId
@@ -344,6 +354,14 @@ function Set-TargetResource
         [System.String[]]
         $ThirdPartyReportAddresses = @(),
 
+        [Parameter()]
+        [System.Boolean]
+        $ReportChatMessageEnabled,
+
+        [Parameter()]
+        [System.Boolean]
+        $ReportChatMessageToCustomizedAddressEnabled,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
@@ -538,6 +556,14 @@ function Test-TargetResource
         [System.String[]]
         $ThirdPartyReportAddresses = @(),
 
+        [Parameter()]
+        [System.Boolean]
+        $ReportChatMessageEnabled,
+
+        [Parameter()]
+        [System.Boolean]
+        $ReportChatMessageToCustomizedAddressEnabled,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]

Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionPolicy/MSFT_EXOReportSubmissionPolicy.schema.mof

@@ -27,6 +27,8 @@ class MSFT_EXOReportSubmissionPolicy : OMI_BaseResource
     [Write, Description("The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.")] String ReportPhishAddresses[];
     [Write, Description("The ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.")] Boolean ReportPhishToCustomizedAddress;
     [Write, Description("Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you're using a third-party product for user submissions instead of reporting in Outlook.")] String ThirdPartyReportAddresses[];
+    [Write, Description("TBD")] Boolean ReportChatMessageEnabled;
+    [Write, Description("TBD")] Boolean ReportChatMessageToCustomizedAddressEnabled;
     [Write, Description("Specifies if this report submission policy should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;

Modules/Microsoft365DSC/DSCResources/MSFT_EXOSweepRule/MSFT_EXOSweepRule.psm1

@@ -106,16 +106,18 @@ function Get-TargetResource
             return $nullResult
         }
 
+        $userInfo = Get-User -Identity $instance.MailboxOwnerId
+
         $results = @{
             Name                  = $instance.Name
             Provider              = $instance.Provider
-            DestinationFolder     = $instance.MailboxOwnerId + ':\' + $instance.DestinationFolder
+            DestinationFolder     = $userInfo.UserPrincipalName + ':\' + $instance.DestinationFolder
             Enabled               = [Boolean]$instance.Enabled
             KeepForDays           = $instance.KeepForDays
             KeepLatest            = $instance.KeepLatest
-            Mailbox               = $instance.MailboxOwnerId
+            Mailbox               = $userInfo.UserPrincipalName
             SenderName            = $instance.Sender.Split('"')[1]
-            SourceFolder          = $instance.MailboxOwnerId + ':\' + $instance.SourceFolder
+            SourceFolder          = $userInfo.UserPrincipalName + ':\' + $instance.SourceFolder
             SystemCategory        = $instance.SystemCategory
             Ensure                = 'Present'
             Credential            = $Credential
@@ -243,6 +245,7 @@ function Set-TargetResource
         Write-Verbose -Message 'Updating existing Sweep Rule.'
         $instance = Get-SweepRule -Mailbox $Mailbox | Where-Object -FilterScript { $_.Name -eq $Name }
         $SetParameters.Add('Identity', $instance.RuleId)
+        Write-Verbose -Message "Parameters:`r`n$(ConvertTo-Json $SetParameters -Depth 10)"
         Set-SweepRule @SetParameters
     }
     # REMOVE