Skip to content

Commit

Permalink
Merge pull request #4177 from microsoft/Dev
Browse files Browse the repository at this point in the history
Release 1.24.117.1
  • Loading branch information
NikCharlebois authored Jan 17, 2024
2 parents 8f7275d + 716b41d commit a2d27b7
Show file tree
Hide file tree
Showing 136 changed files with 896 additions and 822 deletions.
33 changes: 31 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,34 @@
# Change log for Microsoft365DSC

# 1.24.117.1

* AADAdministrativeUnit
* Used generic Graph API URL from MSCloudLoginConnectionProfile.
* AADApplication
* Ignore Permissions in tests if not passed. Preventing null comparison errors.
* AADAttributeSet
* Removed the ability to specify a value of Absent for the Ensure property.
* AADConditionalAccessPolicy
* Fixes an error where the ApplicationEnforcedRestrictionsIsEnabled parameter
was always set to false in scenarios where it should have been null.
* AADAuthenticationMethodPolicy
* Removed the ability to specify a value of Absent for the Ensure property.
* AADAuthenticationMethodPolicyX509
* Fix the way we returned an empty rule set from the Get method. This caused
the Test-TargetResource method to return true even when instances matched.
* AADRoleSetting
* Removed the ability to specify a value of Absent for the Ensure property.
* EXOAntiPhishPolicy
* Add support for HonorDmarcPolicy parameter
FIXES [[#4138](https://github.com/microsoft/Microsoft365DSC/issues/4138)]
* IntuneDeviceConfigurationPolicyMacOS
* Fix CIM instances comparison in Test-TargetResource and export
CompliantAppsList with the correct type
FIXES [#4144](https://github.com/microsoft/Microsoft365DSC/issues/4144)
* DEPENDENCIES
* Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178.
* Updated MSCloudLoginAssistant to version 1.1.7.

# 1.24.110.1

* AADAdministrativeUnit
Expand All @@ -9,11 +38,11 @@
* AADConditionalAccessPolicy
* Added support for application filters in the conditions.
* Implement Fix #3885. Manage Exclude Application.
FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)]
FIXES [#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)
* EXOHostedContentFilterPolicy
* Fix issue on parameters AllowedSenders, AllowedSenderDomains, BlockedSenders,
BlockSenderDomains if desired state is empty but current state is not empty.
FIXES[#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124)
FIXES [#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124)
* EXOMailContact
* Added support for Custom Attributes and Extension Custom Attributes.
* IntuneDeviceConfigurationPolicyMacOS
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -195,7 +195,8 @@ function Get-TargetResource
foreach ($auMember in $auMembers)
{
$member = @{}
$memberObject = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/directoryobjects/$($auMember.Id)"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)"
$memberObject = Invoke-MgGraphRequest -Uri $url
if ($memberObject.'@odata.type' -match 'user')
{
$member.Add('Identity', $memberObject.UserPrincipalName)
Expand Down Expand Up @@ -239,7 +240,8 @@ function Get-TargetResource
}
}
Write-Verbose -Message "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}"
$memberObject = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)"
$memberObject = Invoke-MgGraphRequest -Uri $url
Write-Verbose -Message "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}"
if (($memberObject.'@odata.type') -match 'user')
{
Expand Down Expand Up @@ -564,7 +566,8 @@ function Set-TargetResource
{
Write-Verbose -Message "Adding new dynamic member {$($member.Id)}"
$memberBodyParam = @{
'@odata.id' = "https://graph.microsoft.com/v1.0/$($member.Type)/$($member.Id)"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/$($member.Type)/$($member.Id)"
'@odata.id' = $url
}

New-MgBetaDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $policy.Id -BodyParameter $memberBodyParam
Expand Down Expand Up @@ -661,7 +664,8 @@ function Set-TargetResource
Write-Verbose -Message "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}"

$memberBodyParam = @{
'@odata.id' = "https://graph.microsoft.com/v1.0/$memberType/$($memberObject.Id)"
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/$memberType/$($memberObject.Id)"
'@odata.id' = $url
}
New-MgBetaDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId ($currentInstance.Id) -BodyParameter $memberBodyParam | Out-Null
}
Expand Down Expand Up @@ -789,9 +793,11 @@ function Set-TargetResource
elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
{
Write-Verbose -Message "Removing AU {$DisplayName}"
#region resource generator code
Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id
#endregion
# Workaround since Remove-MgBetaDirectoryAdministrativeUnit is not working with 2.11.1
# https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2529
$url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)"
Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null
#Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -767,7 +767,7 @@ function Test-TargetResource

$CurrentValues = Get-TargetResource @PSBoundParameters

if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name)
if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name -and $Permissions.Name.Length -gt 0)
{
$permissionsDiff = Compare-Object -ReferenceObject ($CurrentValues.Permissions.Name) -DifferenceObject ($Permissions.Name)
$driftedParams = @{}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ function Get-TargetResource

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
[ValidateSet('Present')]
$Ensure = 'Present',

[Parameter()]
Expand Down Expand Up @@ -127,7 +127,7 @@ function Set-TargetResource

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
[ValidateSet('Present')]
$Ensure = 'Present',

[Parameter()]
Expand Down Expand Up @@ -182,11 +182,6 @@ function Set-TargetResource
$BoundParameters.Remove('Id') | Out-Null
Update-MgBetaDirectoryAttributeSet @BoundParameters | Out-Null
}
elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
{
Write-Verbose -Message "Removing the Attribute Set with Id {$($currentInstance.Id)}"
Remove-MgBetaDirectoryAttributeSet -AttributeSetId $Id | Out-Null
}
}

function Test-TargetResource
Expand All @@ -210,7 +205,7 @@ function Test-TargetResource

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
[ValidateSet('Present')]
$Ensure = 'Present',

[Parameter()]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ class MSFT_AADAttributeSet : OMI_BaseResource
[Key, Description("Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive")] String Id;
[Write, Description("Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive")] String Description;
[Write, Description("Maximum number of custom security attributes that can be defined in this attribute set. Default value is null. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. Can be changed later.")] UInt32 MaxAttributesPerSet;
[Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
[Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure;
[Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
[Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ function Get-TargetResource

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
[ValidateSet('Present')]
$Ensure = 'Present',

[Parameter()]
Expand Down Expand Up @@ -91,7 +91,10 @@ function Get-TargetResource

$getValue = $null
#region resource generator code
$getValue = Get-MgBetaPolicyAuthenticationMethodPolicy -ErrorAction SilentlyContinue
if (-not [System.String]::IsNullOrEmpty($Id))
{
$getValue = Get-MgBetaPolicyAuthenticationMethodPolicy -ErrorAction SilentlyContinue
}

if ($null -eq $getValue)
{
Expand Down Expand Up @@ -290,7 +293,7 @@ function Set-TargetResource
#endregion
[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
[ValidateSet('Present')]
$Ensure = 'Present',

[Parameter()]
Expand Down Expand Up @@ -361,13 +364,6 @@ function Set-TargetResource
Update-MgBetaPolicyAuthenticationMethodPolicy -BodyParameter $UpdateParameters
#endregion
}
elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
{
Write-Verbose -Message "Removing the Azure AD Authentication Method Policy with Id {$($currentInstance.Id)}"
#region resource generator code
Remove-MgBetaPolicyAuthenticationMethodPolicy
#endregion
}
}

function Test-TargetResource
Expand Down Expand Up @@ -412,7 +408,7 @@ function Test-TargetResource

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
[ValidateSet('Present')]
$Ensure = 'Present',

[Parameter()]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ class MSFT_AADAuthenticationMethodPolicy : OMI_BaseResource
[Write, Description("Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods."), EmbeddedInstance("MSFT_MicrosoftGraphregistrationEnforcement")] String RegistrationEnforcement;
[Write, Description("Prompt users with their most-preferred credential for multifactor authentication."), EmbeddedInstance("MSFT_MicrosoftGraphsystemCredentialPreferences")] String SystemCredentialPreferences;
[Write, Description("The unique identifier for an entity. Read-only.")] String Id;
[Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
[Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure;
[Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
[Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -507,7 +507,10 @@ function Set-TargetResource
$UpdateParameters = ([Hashtable]$BoundParameters).clone()
$UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters


$UpdateParameters.Remove('Id') | Out-Null

Write-Verbose -Message "Flag1"
# replace group Displayname with group id
if ($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -and `
$UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
Expand All @@ -518,6 +521,8 @@ function Set-TargetResource
$groupid = (Get-MgGroup -Filter $Filter).id.ToString()
$UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.foreach('id',$groupid)
}

Write-Verbose -Message "Flag2"
if ($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -and `
$UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
$UpdateParameters.featureSettings.ContainsKey('companionAppAllowedState'))
Expand All @@ -527,6 +532,7 @@ function Set-TargetResource
$groupid = (Get-MgGroup -Filter $Filter).id.ToString()
$UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.foreach('id',$groupid)
}
Write-Verbose -Message "Flag3"
if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -and `
$UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
$UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState'))
Expand All @@ -536,6 +542,7 @@ function Set-TargetResource
$groupid = (Get-MgGroup -Filter $Filter).id.ToString()
$UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.foreach('id',$groupid)
}
Write-Verbose -Message "Flag4"
if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -and `
$UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
$UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState'))
Expand All @@ -545,6 +552,7 @@ function Set-TargetResource
$groupid = (Get-MgGroup -Filter $Filter).id.ToString()
$UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.foreach('id',$groupid)
}
Write-Verbose -Message "Flag5"
if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -and `
$UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
$UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState'))
Expand All @@ -554,6 +562,7 @@ function Set-TargetResource
$groupid = (Get-MgGroup -Filter $Filter).id.ToString()
$UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.foreach('id',$groupid)
}
Write-Verbose -Message "Flag6"
if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -and `
$UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and
$UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState'))
Expand All @@ -565,41 +574,40 @@ function Set-TargetResource
}

# DEPRECATED
Write-Verbose -Message "Flag7"
if ($UpdateParameters.featureSettings.ContainsKey('NumberMatchingRequiredState'))
{
Write-Verbose -Message "The NumberMatchingRequiredState feature is deprecated and will be ignored. Please remove it from your configuration."
$UpdateParameters.featureSettings.Remove('NumberMatchingRequiredState')
}

Write-Verbose -Message "Flag8"
$keys = (([Hashtable]$UpdateParameters).clone()).Keys
foreach ($key in $keys)
{
if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*')
{
Write-Verbose -Message "Flag9a"
$UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key
Write-Verbose -Message "Flag9b"
}
if ($key -eq 'IncludeTargets')
{
$i = 0
foreach ($entry in $UpdateParameters.$key)
{
if ($entry.id -notmatch '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$|all_users')
{
$Filter = "Displayname eq '$($entry.id)'" | Out-String
$UpdateParameters.$key[$i].foreach('id', (Get-MgGroup -Filter $Filter).id.ToString())
}
$i++
}
}
if ($key -eq 'ExcludeTargets')
if ($key -eq 'IncludeTargets' -or $key -eq 'ExcludeTargets')
{
$i = 0
foreach ($entry in $UpdateParameters.$key)
{
if ($entry.id -notmatch '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$|all_users')
{
$Filter = "Displayname eq '$($entry.id)'" | Out-String
$UpdateParameters.$key[$i].foreach('id', (Get-MgGroup -Filter $Filter).id.ToString())
$group = Get-MgGroup -Filter $Filter
if ($null -ne $group)
{
$UpdateParameters.$key[$i].foreach('id', $group.id.ToString())
}
else
{
Write-Verbose -Message "Couldn't find group with DisplayName {$($entry.id)}"
}
}
$i++
}
Expand Down
Loading

0 comments on commit a2d27b7

Please sign in to comment.