Merge pull request #4141 from microsoft/Dev

Release 1.24.110.1

.github/workflows/Global - Integration - AAD.yml

@@ -86,3 +86,120 @@ jobs:
           {
             Write-Host "All resources in the Tenant are in the Desired State"
           }
+      - name: Generate {Update} Integration Tests from Examples
+        shell: powershell
+        run: |
+          Import-Module './Tests/Integration/M365DSCTestEngine.psm1'
+          New-M365DSCIntegrationTest -Workload AAD -Step '2-Update'
+      - name: Commit {Update} Integration Tests
+        shell: powershell
+        run: |
+          git config --local user.email "nicharl@microsoft.com"
+          git config --local user.name "NikCharlebois"
+          git add D:/a/Microsoft365DSC/Microsoft365DSC/Tests/Integration/*
+          git pull
+          git commit -m "Updated {Update} AAD Integration Tests"
+          git push
+          $SHA = git rev-parse HEAD
+          echo "commitid=$SHA" >> $env:GITHUB_OUTPUT
+      - name: Run {Update} Integration Tests
+        shell: powershell
+        env:
+          INTEGRATION_USERNAME: ${{ secrets.INTEGRATION_USERNAME }}
+          INTEGRATION_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }}
+        run: |
+          $CredPassword = ConvertTo-SecureString $env:INTEGRATION_PASSWORD -AsPlainText -Force
+          $Credential = New-Object System.Management.Automation.PSCredential ($env:INTEGRATION_USERNAME, $CredPassword)
+          try
+          {
+            & .\Tests\Integration\Microsoft365DSC\M365DSCIntegration.AAD.Update.Tests.ps1 -Credential $Credential
+          }
+          catch
+          {
+            throw $_
+          }
+
+          try
+          {
+            $Result = Test-DSCConfiguration -Detailed -Verbose -ErrorAction Stop
+          }
+          catch
+          {
+            throw $_
+          }
+
+          Write-Host ""
+
+          if ($Result.InDesiredState -eq $false)
+          {
+            Write-Host -Message "Resources below are not in the Desired State:"
+            foreach ($Resource in $Result.ResourcesNotInDesiredState)
+            {
+                Write-Host $Resource.InstanceName
+            }
+
+            throw "Could not validate that the Tenant is in the Desired State"
+          }
+          else
+          {
+            Write-Host "All resources in the Tenant are in the Desired State"
+          }
+      - name: Generate {Remove} Integration Tests from Examples
+        shell: powershell
+        run: |
+            Import-Module './Tests/Integration/M365DSCTestEngine.psm1'
+            New-M365DSCIntegrationTest -Workload AAD -Step '3-Remove'
+      - name: Commit {Remove} Integration Tests
+        shell: powershell
+        run: |
+            git config --local user.email "nicharl@microsoft.com"
+            git config --local user.name "NikCharlebois"
+            git add D:/a/Microsoft365DSC/Microsoft365DSC/Tests/Integration/*
+            git pull
+            git commit -m "Updated {Update} AAD Integration Tests"
+            git push
+            $SHA = git rev-parse HEAD
+            echo "commitid=$SHA" >> $env:GITHUB_OUTPUT
+      - name: Run {Remove} Integration Tests
+        shell: powershell
+        env:
+          INTEGRATION_USERNAME: ${{ secrets.INTEGRATION_USERNAME }}
+          INTEGRATION_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }}
+        run: |
+            $CredPassword = ConvertTo-SecureString $env:INTEGRATION_PASSWORD -AsPlainText -Force
+            $Credential = New-Object System.Management.Automation.PSCredential ($env:INTEGRATION_USERNAME, $CredPassword)
+            try
+            {
+              & .\Tests\Integration\Microsoft365DSC\M365DSCIntegration.AAD.Remove.Tests.ps1 -Credential $Credential
+            }
+            catch
+            {
+              throw $_
+            }
+
+            try
+            {
+              $Result = Test-DSCConfiguration -Detailed -Verbose -ErrorAction Stop
+            }
+            catch
+            {
+              throw $_
+            }
+
+            Write-Host ""
+
+            if ($Result.InDesiredState -eq $false)
+            {
+              Write-Host -Message "Resources below are not in the Desired State:"
+              foreach ($Resource in $Result.ResourcesNotInDesiredState)
+              {
+                  Write-Host $Resource.InstanceName
+              }
+
+              throw "Could not validate that the Tenant is in the Desired State"
+            }
+            else
+            {
+              Write-Host "All resources in the Tenant are in the Desired State"
+            }
+

CHANGELOG.md

@@ -1,5 +1,31 @@
 # Change log for Microsoft365DSC
 
+# 1.24.110.1
+
+* AADAdministrativeUnit
+  * Fix the Update logic flow to get around a bug in Microsoft.Graph 2.11.1.
+* AADAuthenticationMethodPolicyX509
+  * Added support for the  property for include targets
+* AADConditionalAccessPolicy
+  * Added support for application filters in the conditions.
+  * Implement Fix #3885. Manage Exclude Application.
+    FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)]
+* EXOHostedContentFilterPolicy
+  * Fix issue on parameters AllowedSenders, AllowedSenderDomains, BlockedSenders,
+    BlockSenderDomains if desired state is empty but current state is not empty.
+    FIXES[#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124)
+* EXOMailContact
+  * Added support for Custom Attributes and Extension Custom Attributes.
+* IntuneDeviceConfigurationPolicyMacOS
+  * Fix workaround added on PR #4099 in order to be able to use this resource
+    for deployments
+    FIXES [#4105](https://github.com/microsoft/Microsoft365DSC/issues/4105)
+* SCDLPComplianceRule
+  * Fix type of AccessScope
+    FIXES [#3463](https://github.com/microsoft/Microsoft365DSC/issues/3463)
+* TeamsTenantDialPlan
+  * FIXES [#3767](https://github.com/microsoft/Microsoft365DSC/issues/3767)
+
 # 1.24.103.1
 
 * AADConditionalAccessPolicy
@@ -45,6 +71,9 @@
 * EXOMailboxCalendarFolder
   * Add support for non-English calendar folder names during export
     FIXES [#4056](https://github.com/microsoft/Microsoft365DSC/issues/4056)
+* EXOMailboxPermission
+  * Ignore SendAs permissions during export
+    FIXES [#3942](https://github.com/microsoft/Microsoft365DSC/issues/3942)
 * EXOTransportRule
   * Fix export of enabled state
     FIXES [#3932](https://github.com/microsoft/Microsoft365DSC/issues/3932)

Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1

@@ -170,17 +170,17 @@ function Get-TargetResource
             #endregion
         }
 
-        if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.MembershipType))
+        if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.membershipType))
         {
-            $results.Add('MembershipType', $getValue.AdditionalProperties.MembershipType)
+            $results.Add('MembershipType', $getValue.AdditionalProperties.membershipType)
         }
-        if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.MembershipRule))
+        if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.membershipRule))
         {
-            $results.Add('MembershipRule', $getValue.AdditionalProperties.MembershipRule)
+            $results.Add('MembershipRule', $getValue.AdditionalProperties.membershipRule)
         }
-        if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.MembershipRuleProcessingState))
+        if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.membershipRuleProcessingState))
         {
-            $results.Add('MembershipRuleProcessingState', $getValue.AdditionalProperties.MembershipRuleProcessingState)
+            $results.Add('MembershipRuleProcessingState', $getValue.AdditionalProperties.membershipRuleProcessingState)
         }
 
         Write-Verbose -Message "AU {$DisplayName} MembershipType {$($results.MembershipType)}"
@@ -543,7 +543,6 @@ function Set-TargetResource
             # ScopedRoleMember-info is added after the AU is created
         }
         $CreateParameters.Remove('ScopedRoleMembers') | Out-Null
-
     }
 
     if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
@@ -604,8 +603,11 @@ function Set-TargetResource
         $UpdateParameters.Remove('ScopedRoleMembers') | Out-Null
 
         #region resource generator code
-        Update-MgBetaDirectoryAdministrativeUnit @UpdateParameters `
-            -AdministrativeUnitId $currentInstance.Id
+        $jsonParams = ConvertTo-Json $UpdateParameters
+        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)"
+        Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $jsonParams
+        <#Update-MgBetaDirectoryAdministrativeUnit @UpdateParameters `
+            -AdministrativeUnitId $currentInstance.Id #>
 
         #endregion
 
@@ -689,7 +691,7 @@ function Set-TargetResource
                 $desiredScopedRoleMembersValue = @()
             }
 
-            # flatten hashtabls for compare
+            # flatten hashtables for compare
             $compareCurrentScopedRoleMembersValue = @()
             foreach ($roleMember in $currentScopedRoleMembersValue)
             {

Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof

@@ -14,7 +14,7 @@ class MSFT_AADApplication : OMI_BaseResource
     [Write, Description("ObjectID of the app.")] String ObjectId;
     [Write, Description("AppId for the app.")] String AppId;
     [Write, Description("Indicates whether this application is available in other tenants.")] Boolean AvailableToOtherTenants;
-    [Write, Description("A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects. The bitmask values are: 0: None, 1: Security groups and Azure AD roles, 2: Reserved, and 4: Reserved. Setting the bitmask to 7 will get all of the security groups, distribution groups, and Azure AD directory roles that the signed-in user is a member of.")] String GroupMembershipClaims;
+    [Write, Description("A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.")] String GroupMembershipClaims;
     [Write, Description("The URL to the application's homepage.")] String Homepage;
     [Write, Description("User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain.")] string IdentifierUris[];
     [Write, Description("Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as web app. There are certain scenarios where Microsoft Entra ID cannot determine the client application type (for example, ROPC flow where it is configured without specifying a redirect URI). In those cases, Microsoft Entra ID will interpret the application type based on the value of this property.")] Boolean IsFallbackPublicClient;

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1

@@ -509,44 +509,56 @@ function Set-TargetResource
 
         $UpdateParameters.Remove('Id') | Out-Null
         # replace group Displayname with group id
-        if ($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
+        if ($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -and `
+            $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
             $UpdateParameters.featureSettings.ContainsKey('companionAppAllowedState'))
         {
+            Write-Verbose -Message 'Retrieving companionAppAllowedState include target'
             $Filter = "Displayname eq '$($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id)'" | Out-String
             $groupid = (Get-MgGroup -Filter $Filter).id.ToString()
             $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.foreach('id',$groupid)
         }
-        if ($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
+        if ($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -and `
+            $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
             $UpdateParameters.featureSettings.ContainsKey('companionAppAllowedState'))
         {
+            Write-Verbose -Message 'Retrieving companionAppAllowedState include target'
             $Filter = "Displayname eq '$($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id)'" | Out-String
             $groupid = (Get-MgGroup -Filter $Filter).id.ToString()
             $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.foreach('id',$groupid)
         }
-        if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
+        if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -and `
+            $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
             $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState'))
         {
+            Write-Verbose -Message 'Retrieving displayAppInformationRequiredState include target'
             $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id)'" | Out-String
             $groupid = (Get-MgGroup -Filter $Filter).id.ToString()
             $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.foreach('id',$groupid)
         }
-        if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
+        if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -and `
+            $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
             $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState'))
         {
+            Write-Verbose -Message 'Retrieving displayAppInformationRequiredState exclude target'
             $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id)'" | Out-String
             $groupid = (Get-MgGroup -Filter $Filter).id.ToString()
             $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.foreach('id',$groupid)
         }
-        if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
-        $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState'))
+        if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -and `
+            $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
+            $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState'))
         {
+            Write-Verbose -Message 'Retrieving displayLocationInformationRequiredState include target'
             $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id)'" | Out-String
             $groupid = (Get-MgGroup -Filter $Filter).id.ToString()
             $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.foreach('id',$groupid)
         }
-        if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
+        if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -and `
+            $UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
             $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState'))
         {
+            Write-Verbose -Message 'Retrieving displayLocationInformationRequiredState exclude target'
             $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id)'" | Out-String
             $groupid = (Get-MgGroup -Filter $Filter).id.ToString()
             $UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.foreach('id',$groupid)

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyTemporary/MSFT_AADAuthenticationMethodPolicyTemporary.psm1

@@ -101,16 +101,17 @@ function Get-TargetResource
         #endregion
         if ($null -eq $getValue)
         {
-            Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Temporary with DisplayName {$DisplayName}"
+            Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy Temporary"
             return $nullResult
         }
         $Id = $getValue.Id
-        Write-Verbose -Message "An Azure AD Authentication Method Policy Temporary with Id {$Id} and DisplayName {$DisplayName} was found."
+        Write-Verbose -Message "An Azure AD Authentication Method Policy Temporary with Id {$($currentExcludeTargets.id))} was found."
 
         #region resource generator code
         $complexExcludeTargets = @()
         foreach ($currentExcludeTargets in $getValue.excludeTargets)
         {
+            Write-Verbose -Message "Retrieving ExcludeTarget {$currentExcludeTargets}"
             $myExcludeTargets = @{}
             if ($currentExcludeTargets.id -ne 'all_users'){
                 $myExcludeTargetsDisplayName = get-MgGroup -GroupId $currentExcludeTargets.id
@@ -133,6 +134,7 @@ function Get-TargetResource
         $complexincludeTargets = @()
         foreach ($currentincludeTargets in $getValue.AdditionalProperties.includeTargets)
         {
+            Write-Verbose -Message "Retrieving IncludeTarget {$($currentincludeTargets.id)}"
             $myincludeTargets = @{}
             if ($currentIncludeTargets.id -ne 'all_users'){
                 $myIncludeTargetsDisplayName = get-MgGroup -GroupId $currentIncludeTargets.id
@@ -158,6 +160,7 @@ function Get-TargetResource
         }
         #endregion
 
+        Write-Verbose -Message "Get-TargetResource returned values"
         $results = @{
             #region resource generator code
             DefaultLength            = $getValue.AdditionalProperties.defaultLength
@@ -486,6 +489,7 @@ function Test-TargetResource
     $testResult = $true
 
     #Compare Cim instances
+    Write-Verbose -Message "Evaluating keys"
     foreach ($key in $PSBoundParameters.Keys)
     {
         $source = $PSBoundParameters.$key