Merge pull request #5382 from FabienTschanz/fix/intune-local-admin
Fix property naming and settings catalog handling
NikCharlebois authored Nov 12, 2024
2 parents f5dcd4f + 727843e commit 9f2e0a6
Showing 9 changed files with 51 additions and 11 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,14 +2,22 @@

# UNRELEASED

* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy
* Update property `PasswordAgeDays_AAD` to be lower-case.
FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (1/2)
* IntuneAntivirusExclusionsPolicyMacOS
* Initial release.
* IntuneAntivirusPolicyWindows10SettingCatalog
* Update properties to be upper-case.
Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373)
* IntuneSecurityBaselineMicrosoftEdge
* Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes`
* M365DSCDRGUtil
* Restrict CIM instance access to properties that appear multiple times.
* Switch log type for not found Intune assignments to `Warning`.
* M365DSCIntuneSettingsCatalogUtil
* Add ADMX handling for `edge~httpauthentication_`.
FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (2/2)
* DEPENDENCIES
* Updated DSCParser to version 2.0.0.12.

Expand Up @@ -24,7 +24,7 @@ function Get-TargetResource
[Parameter()]
[System.Int32]
[ValidateRange(7, 365)]
$PasswordAgeDays_AAD,
$passwordagedays_aad,

[Parameter()]
[System.Int32]
Expand Down Expand Up @@ -118,7 +118,7 @@ function Get-TargetResource
-ErrorAction Stop

#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies
#Confirm-M365DSCDependencies

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
Expand Down Expand Up @@ -237,7 +237,7 @@ function Set-TargetResource
[Parameter()]
[System.Int32]
[ValidateRange(7, 365)]
$PasswordAgeDays_AAD,
$passwordagedays_aad,

[Parameter()]
[System.Int32]
Expand Down Expand Up @@ -324,7 +324,7 @@ function Set-TargetResource
)

#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies
#Confirm-M365DSCDependencies

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
Expand Down Expand Up @@ -433,7 +433,7 @@ function Test-TargetResource
[Parameter()]
[System.Int32]
[ValidateRange(7, 365)]
$PasswordAgeDays_AAD,
$passwordagedays_aad,

[Parameter()]
[System.Int32]
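Review bot: The call to `Confirm-M365DSCDependencies` in the Get-TargetResource and Set-TargetResource hunks looks to have been commented out rather than removed, which leaves the comment `#Ensure the proper dependencies are installed in the current environment.` sitting above a line that no longer does anything. The changelog entry for this resource mentions only the property rename, so it is unclear whether disabling the check was intended. If it was, drop both lines or replace the comment with one that says why the check is skipped here; if it was switched off for local debugging, restore the call. This reading rests on the old-then-new print order of the page, and neither function body is fully visible in these hunks.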
Expand Up @@ -17,7 +17,7 @@ class MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy : OMI
[Write, Description("Description of the account protection local administrator password solution policy.")] String Description;
[Write, Description("Assignments of the account protection local administrator password solution policy."), EmbeddedInstance("MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments")] String Assignments[];
[Write, Description("Configures which directory the local admin account password is backed up to. 0 - Disabled, 1 - Azure AD, 2 - AD"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] UInt32 BackupDirectory;
[Write, Description("Configures the maximum password age of the managed local administrator account for Azure AD. Minimum - 7, Maximum - 365")] UInt32 PasswordAgeDays_AAD;
[Write, Description("Configures the maximum password age of the managed local administrator account for Azure AD. Minimum - 7, Maximum - 365")] UInt32 passwordagedays_aad;
[Write, Description("Configures the maximum password age of the managed local administrator account for Active Directory. Minimum - 1, Maximum - 365")] UInt32 PasswordAgeDays;
[Write, Description("Configures additional enforcement of maximum password age for the managed local administrator account.")] Boolean PasswordExpirationProtectionEnabled;
[Write, Description("Configures how many previous encrypted passwords will be remembered in Active Directory. Minimum - 0, Maximum - 12")] UInt32 AdEncryptedPasswordHistorySize;
Expand Up @@ -80,6 +80,10 @@ function Get-TargetResource
[System.String]
$authschemes,

[Parameter()]
[System.String]
$AuthSchemes_AuthSchemes,

[Parameter()]
[ValidateSet('0', '1')]
[System.String]
Expand Down Expand Up @@ -338,6 +342,10 @@ function Set-TargetResource
[System.String]
$authschemes,

[Parameter()]
[System.String]
$AuthSchemes_AuthSchemes,

[Parameter()]
[ValidateSet('0', '1')]
[System.String]
Expand Down Expand Up @@ -441,6 +449,13 @@ function Set-TargetResource
$platforms = 'windows10'
$technologies = 'mdm'

if ($BoundParameters.ContainsKey('authschemes'))
{
Write-Warning -Message "The parameter 'authschemes' is deprecated. Please use 'AuthSchemes_AuthSchemes' instead."
$BoundParameters['AuthSchemes_AuthSchemes'] = $BoundParameters['authschemes']
$BoundParameters.Remove('authschemes') | Out-Null
}

if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
{
Write-Verbose -Message "Creating an Intune Security Baseline Microsoft Edge with Name {$DisplayName}"
Expand Down Expand Up @@ -589,6 +604,10 @@ function Test-TargetResource
[System.String]
$authschemes,

[Parameter()]
[System.String]
$AuthSchemes_AuthSchemes,

[Parameter()]
[ValidateSet('0', '1')]
[System.String]
Expand Down Expand Up @@ -730,6 +749,17 @@ function Test-TargetResource
}
}

if ($PSBoundParameters.ContainsKey('authschemes'))
{
Write-Warning -Message "The parameter 'authschemes' is deprecated. Please use 'AuthSchemes_AuthSchemes' instead."
if ($PSBoundParameters['authschemes'] -ne $CurrentValues['AuthSchemes_AuthSchemes'])
{
$testResult = $false
}
$ValuesToCheck.Remove('authschemes') | Out-Null
$ValuesToCheck.Remove('AuthSchemes_AuthSchemes') | Out-Null
}

$ValuesToCheck.Remove('Id') | Out-Null
$ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck
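Review bot: The deprecation shim in Set-TargetResource copies `authschemes` over `AuthSchemes_AuthSchemes` unconditionally, so a configuration that sets both gets the deprecated value applied with no sign that the new one was discarded. The Test-TargetResource shim has the matching gap: when `authschemes` is bound it removes `AuthSchemes_AuthSchemes` from `$ValuesToCheck`, so an explicitly supplied new value is never compared and drift in the allowed HTTP authentication schemes can go unreported. Prefer the new parameter when both are present, e.g. `if (-not $BoundParameters.ContainsKey('AuthSchemes_AuthSchemes')) { $BoundParameters['AuthSchemes_AuthSchemes'] = $BoundParameters['authschemes'] }`, and in Test remove `AuthSchemes_AuthSchemes` from `$ValuesToCheck` only when it was not bound. Both functions continue outside the hunks, so whether `$testResult = $false` survives until the return cannot be confirmed from here.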

Expand Up @@ -28,7 +28,8 @@ class MSFT_IntuneSecurityBaselineMicrosoftEdge : OMI_BaseResource
[Write, Description("Force WebSQL to be enabled (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String WebSQLAccess;
[Write, Description("Allow Basic authentication for HTTP (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String BasicAuthOverHttpEnabled;
[Write, Description("Supported authentication schemes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftEdge_HTTPAuthentication_AuthSchemes;
[Write, Description("Supported authentication schemes (Device) - Depends on MicrosoftEdge_HTTPAuthentication_AuthSchemes")] String authschemes;
[Write, Description("(Deprecated) - Supported authentication schemes (Device) - Depends on MicrosoftEdge_HTTPAuthentication_AuthSchemes")] String authschemes;
[Write, Description("Supported authentication schemes (Device) - Depends on MicrosoftEdge_HTTPAuthentication_AuthSchemes")] String AuthSchemes_AuthSchemes;
[Write, Description("Allow user-level native messaging hosts (installed without admin permissions) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NativeMessagingUserLevelHosts;
[Write, Description("Specifies whether to allow insecure websites to make requests to more-private network endpoints (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String InsecurePrivateNetworkRequestsAllowed;
[Write, Description("Show the Reload in Internet Explorer mode button in the toolbar (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String InternetExplorerModeToolbarButtonEnabled;
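Review bot: The `(Deprecated)` marker added to the `authschemes` description does not name the replacement property, so someone reading the schema, or any documentation generated from it, has to find the warning in the module code to learn what to use instead. Suggest `Description("(Deprecated, use AuthSchemes_AuthSchemes) - Supported authentication schemes (Device) - Depends on MicrosoftEdge_HTTPAuthentication_AuthSchemes")`. The description of `AuthSchemes_AuthSchemes` also gives no hint of the expected value format, which would help since the property is a free-form String with no ValueMap.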
Expand Up @@ -34,7 +34,7 @@ Configuration Example
}
);
BackupDirectory = "1";
PasswordAgeDays_AAD = 10;
passwordagedays_aad = 10;
AdministratorAccountName = "Administrator";
PasswordAgeDays = 20;
ApplicationId = $ApplicationId;
Expand Up @@ -34,7 +34,7 @@ Configuration Example
}
);
BackupDirectory = "1";
PasswordAgeDays_AAD = 15; # Updated Property
passwordagedays_aad = 15; # Updated Property
AdministratorAccountName = "Administrator";
PasswordAgeDays = 20;
ApplicationId = $ApplicationId;
2 changes: 1 addition & 1 deletion Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1
Expand Up @@ -2480,7 +2480,7 @@ function Update-IntuneDeviceConfigurationPolicy
'settings' = $Settings
}
$body = $policy | ConvertTo-Json -Depth 20
Write-Verbose -Message $body -Verbose
# Write-Verbose -Message $body -Verbose
Invoke-MgGraphRequest -Method PUT -Uri $Uri -Body $body -ErrorAction Stop
}
catch
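Review bot: The `Write-Verbose -Message $body -Verbose` line in Update-IntuneDeviceConfigurationPolicy is left behind as commented-out code, which invites someone to re-enable an unconditional dump of the full policy JSON into the output stream. Delete the line, or if the body is useful for troubleshooting keep `Write-Verbose -Message $body` without the `-Verbose` switch so it only appears when the caller asks for verbose output. The serialized policy carries every configured setting, so it is worth keeping out of logs by default. The function starts before this hunk and its catch block continues after it.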
Expand Up @@ -67,7 +67,7 @@
}

# When there is no parent, we can't use the parent setting name to make the setting name unique
# Instead, we traverse up the OffsetUri.
# Instead, we traverse up the OffsetUri.
if ($null -eq $parentSetting)
{
$settingResult = Get-UniqueSettingDefinitionNameFromMultipleMatches -SettingDefinition $SettingDefinition -SettingName $settingName -SettingsWithSameName $settingsWithSameName
Expand Down Expand Up @@ -98,6 +98,7 @@
'pub16v2~Policy~L_MicrosoftOfficePublisher~*' { $settingName = $settingName.Replace('pub16v2~Policy~L_MicrosoftOfficePublisher', 'MicrosoftPublisherV2_') }
'pub16v3~Policy~L_MicrosoftOfficePublisher~*' { $settingName = $settingName.Replace('pub16v3~Policy~L_MicrosoftOfficePublisher', 'MicrosoftPublisherV3_') }
'microsoft_edge~Policy~microsoft_edge~*' { $settingName = $settingName.Replace('microsoft_edge~Policy~microsoft_edge', 'MicrosoftEdge_') }
'edge~httpauthentication*' { $settingName = $settingName.Replace('edge~httpauthentication', 'MicrosoftEdge_HTTPAuthentication') }
'*~L_Security~*' { $settingName = $settingName.Replace('~L_Security', 'Security') }
'*~L_TrustCenter*' { $settingName = $settingName.Replace('~L_TrustCenter', '_TrustCenter') }
'*~L_ProtectedView_*' { $settingName = $settingName.Replace('~L_ProtectedView', 'ProtectedView') }
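Review bot: The new case `'edge~httpauthentication*'` has no delimiter after the prefix, so it is broader than the `edge~httpauthentication_` form named in the changelog and would also rewrite any other definition name that merely begins with that text. If only the underscore form is intended, `'edge~httpauthentication_*' { $settingName = $settingName.Replace('edge~httpauthentication', 'MicrosoftEdge_HTTPAuthentication') }` states that without changing the result. A short comment on why this prefix has no `~Policy~` segment like its neighbours would also help the next reader. The switch statement starts and ends outside the hunk, so its matching mode and the remaining cases are not visible here.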