Merge pull request #5287 from ykuijs/Dev

Fixed #5266 and issue in NamedLocationPolicy

CHANGELOG.md

@@ -22,6 +22,8 @@
   * Initial release.
 * AADIdentityProtectionPolicySettings
   * Initial release.
+* AADNamedLocationPolicy
+  * Fixed issue where duplicate names were not detected correctly.
 * AADNetworkAccessForwardingProfile
   * Initial release.
 * AADOrganizationCertificateBasedAuthConfiguration
@@ -66,6 +68,9 @@
   * Fixed missing permissions in settings.json
 * SCPolicyConfig
   * Initial release.
+* SCSensitivityLabel
+  * Fixed issue with setting label priority
+    FIXES [#5266](https://github.com/microsoft/Microsoft365DSC/issues/5266)
 * SentinelAlertRule
   * Initial release.
 * SentinelThreatIntelligenceIndicator

Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1

@@ -121,6 +121,8 @@ function Get-TargetResource
                     -Source $($MyInvocation.MyCommand.Source) `
                     -TenantId $TenantId `
                     -Credential $Credential
+
+                return $nullReturn
             }
         }
         if ($null -eq $NamedLocation)
@@ -252,6 +254,26 @@ function Set-TargetResource
     Add-M365DSCTelemetryEvent -Data $data
     #endregion
 
+    try
+    {
+        if ($Id)
+        {
+            $NamedLocation = Get-MgBetaIdentityConditionalAccessNamedLocation -NamedLocationId $Id -ErrorAction Stop
+        }
+    }
+    catch
+    {
+        Write-Verbose -Message "Could not retrieve AAD Named Location by ID {$Id}"
+    }
+    if ($null -eq $NamedLocation)
+    {
+        $NamedLocation = Get-MgBetaIdentityConditionalAccessNamedLocation -ErrorAction SilentlyContinue | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName }
+        if ($NamedLocation.Length -gt 1)
+        {
+            throw "More than one instance of a Named Location Policy with name {$DisplayName} was found. Please provide the ID parameter."
+        }
+    }
+
     $currentAADNamedLocation = Get-TargetResource @PSBoundParameters
 
     $desiredValues = @{

Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1

@@ -1133,14 +1133,14 @@ function Set-TargetResource
         try
         {
             Write-Verbose -Message "Creating Label {$Name}"
-            New-Label @CreationParams -ErrorAction Stop
+            $newLabel = New-Label @CreationParams -ErrorAction Stop
 
             ## Can't set priority until label created
-            if ($PSBoundParameters.ContainsKey('Priority'))
+            if ($PSBoundParameters.ContainsKey('Priority') -and $Priority -lt $newLabel.Priority)
             {
                 Start-Sleep 5
                 Write-Verbose -Message "Updating the priority for newly created label {$Name}"
-                Set-label -Identity $Name -priority $Priority -ErrorAction Stop
+                Set-Label -Identity $Name -priority $Priority -ErrorAction Stop
             }
         }
         catch
@@ -1705,7 +1705,7 @@ function Convert-StringToAdvancedSettings
         $settingString = $setting.Replace('[', '').Replace(']', '')
         $settingKey = $settingString.Split(',')[0]
 
-        if ($settingKey -notin @('displayname', 'contenttype', 'tooltip'))
+        if ($settingKey -notin @('displayname', 'contenttype', 'tooltip', 'parentid'))
         {
             $startPos = $settingString.IndexOf(',', 0) + 1
             $valueString = $settingString.Substring($startPos, $settingString.Length - $startPos).Trim()

Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1

@@ -193,6 +193,52 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             }
         }
 
+        Context -Name 'Policies with duplicate names exist' -Fixture {
+            BeforeAll {
+                $testParams = @{
+                    DisplayName = 'Company Network'
+                    Ensure      = 'Present'
+                    IpRanges    = @('2.1.1.1/32', '1.2.2.2/32')
+                    IsTrusted   = $True
+                    OdataType   = '#microsoft.graph.ipNamedLocation'
+                    Credential  = $Credscredential
+                }
+
+                Mock -CommandName Get-MgBetaIdentityConditionalAccessNamedLocation -MockWith {
+                    return @(
+                        @{
+                            DisplayName          = 'Company Network'
+                            Id                   = '046956df-2367-4dd4-b7fd-c6175ec11cd5'
+                            AdditionalProperties = @{
+                                ipRanges      = @(@{cidrAddress = '2.1.1.1/32' }, @{cidrAddress = '1.2.2.2/32' })
+                                isTrusted     = $False
+                                '@odata.type' = '#microsoft.graph.ipNamedLocation'
+                            }
+                        }
+                        @{
+                            DisplayName          = 'Company Network'
+                            Id                   = '046956df-2367-4dd4-b7fd-c6175ec11cd6'
+                            AdditionalProperties = @{
+                                ipRanges      = @(@{cidrAddress = '2.1.1.1/32' }, @{cidrAddress = '1.2.2.2/32' })
+                                isTrusted     = $False
+                                '@odata.type' = '#microsoft.graph.ipNamedLocation'
+                            }
+                        }
+                    )
+                }
+            }
+
+            It 'Should return values from the get method' {
+                $result = Get-TargetResource @testParams
+                $result.Ensure | Should -Be 'Absent'
+                Should -Invoke -CommandName 'Get-MgBetaIdentityConditionalAccessNamedLocation' -Exactly 1
+            }
+
+            It 'Should call the set method' {
+                { Set-TargetResource @testParams } | Should -Throw "More than one instance of a Named Location Policy with name {Company Network} was found. Please provide the ID parameter."
+            }
+        }
+
         Context -Name 'ReverseDSC Tests' -Fixture {
             BeforeAll {
                 $Global:CurrentModeIsExport = $true