diff --git a/CHANGELOG.md b/CHANGELOG.md index 80c14b376f..97233cfeee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,34 @@ # Change log for Microsoft365DSC +# 1.24.117.1 + +* AADAdministrativeUnit + * Used generic Graph API URL from MSCloudLoginConnectionProfile. +* AADApplication + * Ignore Permissions in tests if not passed. Preventing null comparison errors. +* AADAttributeSet + * Removed the ability to specify a value of Absent for the Ensure property. +* AADConditionalAccessPolicy + * Fixes an error where the ApplicationEnforcedRestrictionsIsEnabled parameter + was always set to false in scenarios where it should have been null. +* AADAuthenticationMethodPolicy + * Removed the ability to specify a value of Absent for the Ensure property. +* AADAuthenticationMethodPolicyX509 + * Fix the way we returned an empty rule set from the Get method. This caused + the Test-TargetResource method to return true even when instances matched. +* AADRoleSetting + * Removed the ability to specify a value of Absent for the Ensure property. +* EXOAntiPhishPolicy + * Add support for HonorDmarcPolicy parameter + FIXES [[#4138](https://github.com/microsoft/Microsoft365DSC/issues/4138)] +* IntuneDeviceConfigurationPolicyMacOS + * Fix CIM instances comparison in Test-TargetResource and export + CompliantAppsList with the correct type + FIXES [#4144](https://github.com/microsoft/Microsoft365DSC/issues/4144) +* DEPENDENCIES + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. + * Updated MSCloudLoginAssistant to version 1.1.7. + # 1.24.110.1 * AADAdministrativeUnit @@ -9,11 +38,11 @@ * AADConditionalAccessPolicy * Added support for application filters in the conditions. * Implement Fix #3885. Manage Exclude Application. - FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] + FIXES [#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885) * EXOHostedContentFilterPolicy * Fix issue on parameters AllowedSenders, AllowedSenderDomains, BlockedSenders, BlockSenderDomains if desired state is empty but current state is not empty. - FIXES[#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124) + FIXES [#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124) * EXOMailContact * Added support for Custom Attributes and Extension Custom Attributes. * IntuneDeviceConfigurationPolicyMacOS diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 09092a8b7b..910ed8d5f9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -195,7 +195,8 @@ function Get-TargetResource foreach ($auMember in $auMembers) { $member = @{} - $memberObject = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/directoryobjects/$($auMember.Id)" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)" + $memberObject = Invoke-MgGraphRequest -Uri $url if ($memberObject.'@odata.type' -match 'user') { $member.Add('Identity', $memberObject.UserPrincipalName) @@ -239,7 +240,8 @@ function Get-TargetResource } } Write-Verbose -Message "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}" - $memberObject = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)" + $memberObject = Invoke-MgGraphRequest -Uri $url Write-Verbose -Message "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}" if (($memberObject.'@odata.type') -match 'user') { @@ -564,7 +566,8 @@ function Set-TargetResource { Write-Verbose -Message "Adding new dynamic member {$($member.Id)}" $memberBodyParam = @{ - '@odata.id' = "https://graph.microsoft.com/v1.0/$($member.Type)/$($member.Id)" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/$($member.Type)/$($member.Id)" + '@odata.id' = $url } New-MgBetaDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $policy.Id -BodyParameter $memberBodyParam @@ -661,7 +664,8 @@ function Set-TargetResource Write-Verbose -Message "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}" $memberBodyParam = @{ - '@odata.id' = "https://graph.microsoft.com/v1.0/$memberType/$($memberObject.Id)" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/$memberType/$($memberObject.Id)" + '@odata.id' = $url } New-MgBetaDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId ($currentInstance.Id) -BodyParameter $memberBodyParam | Out-Null } @@ -789,9 +793,11 @@ function Set-TargetResource elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing AU {$DisplayName}" - #region resource generator code - Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id - #endregion + # Workaround since Remove-MgBetaDirectoryAdministrativeUnit is not working with 2.11.1 + # https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2529 + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)" + Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null + #Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index f446d22e2d..0fb97b0d94 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 @@ -767,7 +767,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters - if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name) + if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name -and $Permissions.Name.Length -gt 0) { $permissionsDiff = Compare-Object -ReferenceObject ($CurrentValues.Permissions.Name) -DifferenceObject ($Permissions.Name) $driftedParams = @{} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 index e7f4611617..584cfd8c7a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 @@ -19,7 +19,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] @@ -127,7 +127,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] @@ -182,11 +182,6 @@ function Set-TargetResource $BoundParameters.Remove('Id') | Out-Null Update-MgBetaDirectoryAttributeSet @BoundParameters | Out-Null } - elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') - { - Write-Verbose -Message "Removing the Attribute Set with Id {$($currentInstance.Id)}" - Remove-MgBetaDirectoryAttributeSet -AttributeSetId $Id | Out-Null - } } function Test-TargetResource @@ -210,7 +205,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.schema.mof index 9011a94914..399eb2cf1f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.schema.mof @@ -4,7 +4,7 @@ class MSFT_AADAttributeSet : OMI_BaseResource [Key, Description("Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive")] String Id; [Write, Description("Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive")] String Description; [Write, Description("Maximum number of custom security attributes that can be defined in this attribute set. Default value is null. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. Can be changed later.")] UInt32 MaxAttributesPerSet; - [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 index 5f2a544a0d..bc133df731 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 @@ -41,7 +41,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] @@ -91,7 +91,10 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaPolicyAuthenticationMethodPolicy -ErrorAction SilentlyContinue + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaPolicyAuthenticationMethodPolicy -ErrorAction SilentlyContinue + } if ($null -eq $getValue) { @@ -290,7 +293,7 @@ function Set-TargetResource #endregion [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] @@ -361,13 +364,6 @@ function Set-TargetResource Update-MgBetaPolicyAuthenticationMethodPolicy -BodyParameter $UpdateParameters #endregion } - elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') - { - Write-Verbose -Message "Removing the Azure AD Authentication Method Policy with Id {$($currentInstance.Id)}" - #region resource generator code - Remove-MgBetaPolicyAuthenticationMethodPolicy - #endregion - } } function Test-TargetResource @@ -412,7 +408,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof index 3032878341..f7f304d3bb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof @@ -55,7 +55,7 @@ class MSFT_AADAuthenticationMethodPolicy : OMI_BaseResource [Write, Description("Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods."), EmbeddedInstance("MSFT_MicrosoftGraphregistrationEnforcement")] String RegistrationEnforcement; [Write, Description("Prompt users with their most-preferred credential for multifactor authentication."), EmbeddedInstance("MSFT_MicrosoftGraphsystemCredentialPreferences")] String SystemCredentialPreferences; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; - [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 index 1af1575dc7..bcc87c21a1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 @@ -507,7 +507,10 @@ function Set-TargetResource $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $UpdateParameters.Remove('Id') | Out-Null + + Write-Verbose -Message "Flag1" # replace group Displayname with group id if ($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -and ` $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and @@ -518,6 +521,8 @@ function Set-TargetResource $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.foreach('id',$groupid) } + + Write-Verbose -Message "Flag2" if ($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -and ` $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('companionAppAllowedState')) @@ -527,6 +532,7 @@ function Set-TargetResource $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.foreach('id',$groupid) } + Write-Verbose -Message "Flag3" if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -and ` $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState')) @@ -536,6 +542,7 @@ function Set-TargetResource $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.foreach('id',$groupid) } + Write-Verbose -Message "Flag4" if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -and ` $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState')) @@ -545,6 +552,7 @@ function Set-TargetResource $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.foreach('id',$groupid) } + Write-Verbose -Message "Flag5" if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -and ` $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState')) @@ -554,6 +562,7 @@ function Set-TargetResource $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.foreach('id',$groupid) } + Write-Verbose -Message "Flag6" if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -and ` $UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState')) @@ -565,33 +574,24 @@ function Set-TargetResource } # DEPRECATED + Write-Verbose -Message "Flag7" if ($UpdateParameters.featureSettings.ContainsKey('NumberMatchingRequiredState')) { Write-Verbose -Message "The NumberMatchingRequiredState feature is deprecated and will be ignored. Please remove it from your configuration." $UpdateParameters.featureSettings.Remove('NumberMatchingRequiredState') } + Write-Verbose -Message "Flag8" $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { + Write-Verbose -Message "Flag9a" $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + Write-Verbose -Message "Flag9b" } - if ($key -eq 'IncludeTargets') - { - $i = 0 - foreach ($entry in $UpdateParameters.$key) - { - if ($entry.id -notmatch '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$|all_users') - { - $Filter = "Displayname eq '$($entry.id)'" | Out-String - $UpdateParameters.$key[$i].foreach('id', (Get-MgGroup -Filter $Filter).id.ToString()) - } - $i++ - } - } - if ($key -eq 'ExcludeTargets') + if ($key -eq 'IncludeTargets' -or $key -eq 'ExcludeTargets') { $i = 0 foreach ($entry in $UpdateParameters.$key) @@ -599,7 +599,15 @@ function Set-TargetResource if ($entry.id -notmatch '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$|all_users') { $Filter = "Displayname eq '$($entry.id)'" | Out-String - $UpdateParameters.$key[$i].foreach('id', (Get-MgGroup -Filter $Filter).id.ToString()) + $group = Get-MgGroup -Filter $Filter + if ($null -ne $group) + { + $UpdateParameters.$key[$i].foreach('id', $group.id.ToString()) + } + else + { + Write-Verbose -Message "Couldn't find group with DisplayName {$($entry.id)}" + } } $i++ } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 index 80d6cfdef0..229cfccfb5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 @@ -4,7 +4,6 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - #region resource generator code [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $AuthenticationModeConfiguration, @@ -30,8 +29,6 @@ function Get-TargetResource [System.String] $Id, - #endregion - [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] @@ -111,15 +108,20 @@ function Get-TargetResource { $myRules.Add('X509CertificateRuleType', $currentRules.x509CertificateRuleType.toString()) } - if ($myRules.values.Where({ $null -ne $_ }).count -gt 0) + if ($myRules.values.Where({ $null -ne $_ }).count -gt 0 -and $myRules.Keys.Length -gt 0) { $complexRules += $myRules } + if ($complexRules.Length -le 0) + { + $complexRules = $null + } $complexAuthenticationModeConfiguration.Add('Rules', $complexRules) } } - else { - $complexAuthenticationModeConfiguration.Add('Rules', @('')) + else + { + $complexAuthenticationModeConfiguration.Add('Rules', @()) } if ($null -ne $getValue.AdditionalProperties.authenticationModeConfiguration.x509CertificateAuthenticationDefaultMode) @@ -392,7 +394,7 @@ function Set-TargetResource #region resource generator code $UpdateParameters.Add('@odata.type', '#microsoft.graph.x509CertificateAuthenticationMethodConfiguration') Write-Verbose -Message "Updating with Values: $(Convert-M365DscHashtableToString -Hashtable $UpdateParameters)" - Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration ` + Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration ` -AuthenticationMethodConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 17df78d577..d5fd93d23c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -649,20 +649,20 @@ function Get-TargetResource BuiltInControls = [System.String[]](@() + $Policy.GrantControls.BuiltInControls) CustomAuthenticationFactors = [System.String[]](@() + $Policy.GrantControls.CustomAuthenticationFactors) #no translation needed, return empty string array if undefined - ApplicationEnforcedRestrictionsIsEnabled = $false -or $Policy.SessionControls.ApplicationEnforcedRestrictions.IsEnabled + ApplicationEnforcedRestrictionsIsEnabled = $Policy.SessionControls.ApplicationEnforcedRestrictions.IsEnabled #make false if undefined, true if true - CloudAppSecurityIsEnabled = $false -or $Policy.SessionControls.CloudAppSecurity.IsEnabled + CloudAppSecurityIsEnabled = $Policy.SessionControls.CloudAppSecurity.IsEnabled #make false if undefined, true if true CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType #no translation needed, return empty string array if undefined - SignInFrequencyIsEnabled = $false -or $Policy.SessionControls.SignInFrequency.IsEnabled + SignInFrequencyIsEnabled = $Policy.SessionControls.SignInFrequency.IsEnabled #make false if undefined, true if true SignInFrequencyValue = $Policy.SessionControls.SignInFrequency.Value #no translation or conversion needed, $null returned if undefined SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type SignInFrequencyInterval = $SignInFrequencyIntervalValue #no translation needed - PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled + PersistentBrowserIsEnabled = $Policy.SessionControls.PersistentBrowser.IsEnabled #make false if undefined, true if true PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode #no translation needed @@ -1474,15 +1474,13 @@ function Set-TargetResource { Write-Verbose -Message 'Set-Targetresource: create provision Session Control object' $sessioncontrols = @{ - ApplicationEnforcedRestrictions = @{ - IsEnabled = $false - } + ApplicationEnforcedRestrictions = @{} } - if ($ApplicationEnforcedRestrictionsIsEnabled) + if ($ApplicationEnforcedRestrictionsIsEnabled -eq $true) { #create and provision ApplicationEnforcedRestrictions object if used - $sessioncontrols.ApplicationEnforcedRestrictions.IsEnabled = $true + $sessioncontrols.ApplicationEnforcedRestrictions.Add('IsEnabled', $true) } if ($CloudAppSecurityIsEnabled) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 index f1e371a6d5..f7becb8603 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 @@ -187,6 +187,44 @@ } else { + $ObjectGuid = [System.Guid]::empty + if ($PrincipalType -eq 'User') + { + Write-Verbose -Message "Retrieving principal {$Principal} of type {$PrincipalType}" + + if ([System.Guid]::TryParse($Principal,[System.Management.Automation.PSReference]$ObjectGuid)) + { + $PrincipalIdValue = Get-MgUser -UserId $Principal -ErrorAction SilentlyContinue + } + else + { + $PrincipalIdValue = Get-MgUser -Filter "UserPrincipalName eq '$Principal'" -ErrorAction SilentlyContinue + } + $PrincipalTypeValue = 'User' + } + + if ($null -eq $PrincipalIdValue -or $PrincipalType -eq 'Group') + { + Write-Verbose -Message "Retrieving principal {$Principal} of type {$PrincipalType}" + if ([System.Guid]::TryParse($Principal,[System.Management.Automation.PSReference]$ObjectGuid)) + { + $PrincipalIdValue = Get-MgGroup -GroupId $Principal -ErrorAction SilentlyContinue + } + else + { + $PrincipalIdValue = Get-MgGroup -Filter "DisplayName eq '$Principal'" -ErrorAction SilentlyContinue + } + $PrincipalTypeValue = 'Group' + } + + if ($null -ne $PrincipalIdValue) + { + $PrincipalId = $PrincipalIdValue.Id + } + else + { + return $nullResult + } $RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id $schedule = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq '$($request.PrincipalId)' and RoleDefinitionId eq '$RoleDefinitionId'" } @@ -646,7 +684,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - + $ValuesToCheck.Remove("Action") | Out-Null if($null -ne $CurrentValues.ScheduleInfo -and $null -ne $ValuesToCheck.ScheduleInfo) { # Compare ScheduleInfo.Expiration @@ -797,8 +835,17 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - $Results.ScheduleInfo = Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString -ScheduleInfo $Results.ScheduleInfo - + try + { + if ($null -ne $results.ScheduleInfo) + { + $Results.ScheduleInfo = Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString -ScheduleInfo $Results.ScheduleInfo + } + } + catch + { + Write-Verbose -Message "Error converting Schedule: $_" + } if ($Results.TicketInfo) { $Results.TicketInfo = Get-M365DSCAzureADEligibilityRequestTicketInfoAsString -TicketInfo $Results.TicketInfo diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index e978aab640..c179d662c8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -165,7 +165,7 @@ function Get-TargetResource $EligibleAssignmentAssigneeNotificationOnlyCritical, [Parameter()] - [ValidateSet('Present', 'Absent')] + [ValidateSet('Present')] [System.String] $Ensure = 'Present', @@ -213,7 +213,6 @@ function Get-TargetResource #endregion $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' $RoleDefintion = $null if ($null -ne $Script:exportedInstances -and $Script:ExportMode) @@ -559,7 +558,7 @@ function Set-TargetResource $EligibleAssignmentAssigneeNotificationOnlyCritical, [Parameter()] - [ValidateSet('Present', 'Absent')] + [ValidateSet('Present')] [System.String] $Ensure = 'Present', @@ -1271,7 +1270,7 @@ function Test-TargetResource $EligibleAssignmentAssigneeNotificationOnlyCritical, [Parameter()] - [ValidateSet('Present', 'Absent')] + [ValidateSet('Present')] [System.String] $Ensure = 'Present', diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof index 202e5e947b..5a78b465fb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof @@ -41,7 +41,7 @@ class MSFT_AADRoleSetting : OMI_BaseResource [Write, Description("Send notifications when eligible members activate this role: Notification to activated user (requestor), default recipient (True/False)")] Boolean EligibleAssignmentAssigneeNotificationDefaultRecipient; [Write, Description("Send notifications when eligible members activate this role: Notification to activated user (requestor), additional recipient (UPN)")] String EligibleAssignmentAssigneeNotificationAdditionalRecipient[]; [Write, Description("Send notifications when eligible members activate this role: Notification to activated user (requestor), only critical Email (True/False)")] Boolean EligibleAssignmentAssigneeNotificationOnlyCritical; - [Write, Description("Specify if the Azure AD role setting should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Specify if the Azure AD role setting should exist or not."), ValueMap{"Present"}, Values{"Present"}] String Ensure; [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 index 5a56e3da0e..489a81b607 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 @@ -151,8 +151,11 @@ function Get-TargetResource if (-not [System.Guid]::TryParse($AppId, [System.Management.Automation.PSReference]$ObjectGuid)) { $appInstance = Get-MgApplication -Filter "DisplayName eq '$AppId'" - $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($appInstance.AppId)'" ` - -Expand 'AppRoleAssignedTo' + if ($appInstance) + { + $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($appInstance.AppId)'" ` + -Expand 'AppRoleAssignedTo' + } } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 index bdd1653227..7431729c3c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 @@ -206,6 +206,8 @@ function Set-TargetResource $currentParameters.Add('OrganizationId', $(Get-MgBetaOrganization).Id) try { + Write-Verbose -Message "Calling Update-MGBetaOrganization with parameters:" + Write-Verbose -Message "$(Convert-M365DscHashtableToString -Hashtable $currentParameters)" Update-MgBetaOrganization @currentParameters } catch diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 index a7ee0a2413..e5756268a4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 @@ -839,6 +839,11 @@ function Test-TargetResource Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + if ($Ensure -eq 'Absent' -and $CurrentValues.Ensure -eq 'Absent') + { + return $true + } + $ValuesToCheck = $PSBoundParameters $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 index 44c5a697ae..fe9e3514ee 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 @@ -82,6 +82,10 @@ function Get-TargetResource [System.String[]] $ExcludedSenders = @(), + [Parameter()] + [System.Boolean] + $HonorDmarcPolicy, + [Parameter()] [ValidateSet('Automatic', 'Manual', 'Off')] [System.String] @@ -253,6 +257,7 @@ function Get-TargetResource EnableViaTag = $AntiPhishPolicy.EnableViaTag ExcludedDomains = $AntiPhishPolicy.ExcludedDomains ExcludedSenders = $AntiPhishPolicy.ExcludedSenders + HonorDmarcPolicy = $AntiPhishPolicy.HonorDmarcPolicy ImpersonationProtectionState = $AntiPhishPolicy.ImpersonationProtectionState MailboxIntelligenceProtectionAction = $AntiPhishPolicy.MailboxIntelligenceProtectionAction MailboxIntelligenceProtectionActionRecipients = $AntiPhishPolicy.MailboxIntelligenceProtectionActionRecipients @@ -378,6 +383,10 @@ function Set-TargetResource [System.String[]] $ExcludedSenders = @(), + [Parameter()] + [System.Boolean] + $HonorDmarcPolicy, + [Parameter()] [ValidateSet('Automatic', 'Manual', 'Off')] [System.String] @@ -606,6 +615,10 @@ function Test-TargetResource [System.String[]] $ExcludedSenders = @(), + [Parameter()] + [System.Boolean] + $HonorDmarcPolicy, + [Parameter()] [ValidateSet('Automatic', 'Manual', 'Off')] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof index 7beea61e89..b0a1543ee2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof @@ -23,6 +23,7 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource [Write, Description("Make this the default antiphishing policy")] Boolean MakeDefault; [Write, Description("The ExcludedDomains parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas.")] String ExcludedDomains[]; [Write, Description("The ExcludedSenders parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas.")] String ExcludedSenders[]; + [Write, Description("The HonorDmarcPolicy enables or disables using the sender's DMARC policy to determine what to do to messages that fail DMARC checks.")] Boolean HonorDmarcPolicy; [Write, Description("The ImpersonationProtectionState parameter specifies the configuration of impersonation protection.")] String ImpersonationProtectionState; [Write, Description("The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox intelligence protection.")] String MailboxIntelligenceProtectionAction; [Write, Description("The MailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage.")] String MailboxIntelligenceProtectionActionRecipients[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 index 775c1e0fc5..207888fa00 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 @@ -385,6 +385,7 @@ function Export-TargetResource if ($ReportSubmissionRule.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark + return } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index 1103360a16..6482cb21d7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 @@ -956,7 +956,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 index 403974e7a0..a6ff9a5167 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 @@ -792,7 +792,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 index 4524e0f42c..4b58e81abc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 @@ -681,7 +681,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 index 1093519915..327fc77e61 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 @@ -840,7 +840,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 index d10ee2a52c..2659437cce 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 @@ -1498,7 +1498,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 index e2fe67a6e1..2352b5643f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 @@ -548,7 +548,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 index 00d2809bc4..1a04856c16 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 @@ -1125,7 +1125,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index b5d2b73345..3a7813ec16 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 @@ -1189,7 +1189,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 index 5d83dfb4a4..7231018cf5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 @@ -575,7 +575,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index 50ba894304..2173ef32b9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -893,7 +893,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 index 6ef91c7036..fe0f04941d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 @@ -435,7 +435,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 index f7f68cd71e..962ab57fec 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 @@ -350,7 +350,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 index a37c05d228..1b8c51567f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 @@ -377,7 +377,9 @@ function Export-TargetResource catch { if ($_.Exception -like "*401*" -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or - $_.Exception -like "* Unauthorized*") + $_.Exception -like "* Unauthorized*" -or ` + $_.Exception -like "*Request not applicable to target tenant*" -or ` + $_.Exception -like "*BadRequest*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 index d44f0dfeab..6b3353da1a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 @@ -914,7 +914,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 index 9c6c9e7602..75d548ae46 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 @@ -771,7 +771,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 index 07c7f7f5e5..da9d328933 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 @@ -877,7 +877,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 index cfaf8803ca..864a3cf2c3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 @@ -827,7 +827,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 index 375a791be5..61399e6146 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 @@ -962,7 +962,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 index 514c2f80d1..4e5ccc567a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 @@ -802,7 +802,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index 885e5b4265..53512b6e8e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -926,7 +926,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 index 6eb10811c2..e35f2b96c7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 @@ -639,7 +639,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 index 99c47dc2ba..5607bb05f1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 @@ -623,7 +623,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 index 940dee9e16..133d05a210 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 @@ -929,7 +929,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 index d20a639331..01120c5c19 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 @@ -597,7 +597,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 index cc90413c23..1666e3262e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 @@ -757,7 +757,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 index b4a8758c1a..c9b1f664a1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 @@ -6076,7 +6076,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 index be2a66186b..aa52b4dc14 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 @@ -1009,7 +1009,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 index 7189bbe0eb..6fc23087bd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 @@ -602,7 +602,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 index 5b59f195e9..f35fb0a9f5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 @@ -752,7 +752,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 index ef961fe6ef..72d379fc8e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 @@ -670,7 +670,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 index 0f41ce9411..e0d9994c2b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 @@ -905,7 +905,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 index 7f6ba6117f..abd502c21c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 @@ -647,7 +647,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 index 8a5dff18a2..234a3116a8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 @@ -825,7 +825,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index 2017a13ce4..8d468a7d9b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -1421,7 +1421,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 index c3bb757425..5a2cace7a0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 @@ -2820,7 +2820,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index be073215e9..d98004d87a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -790,7 +790,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 index a54b3eb10f..7a3020057a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 @@ -1142,7 +1142,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index ef49efa6c7..96083ba513 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -1204,6 +1204,8 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + $ValuesToCheck.Remove('Id') | Out-Null if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { @@ -1212,34 +1214,19 @@ function Test-TargetResource } $testResult = $true + #Compare Cim instances foreach ($key in $PSBoundParameters.Keys) { - if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') { - $CIMArraySource = @() - $CIMArrayTarget = @() - $CIMArraySource += $PSBoundParameters[$key] - $CIMArrayTarget += $CurrentValues.$key - if ($CIMArraySource.count -ne $CIMArrayTarget.count) - { - Write-Verbose -Message "Configuration drift:Number of items does not match: Source=$($CIMArraySource.count) Target=$($CIMArrayTarget.count)" - $testResult = $false - break - } - $i = 0 - foreach ($item in $CIMArraySource ) - { - $testResult = Compare-M365DSCComplexObject ` - -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $CIMArraySource[$i]) ` - -Target ($CIMArrayTarget[$i]) + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) - $i++ - if (-Not $testResult) - { - $testResult = $false - break - } - } if (-Not $testResult) { $testResult = $false @@ -1250,12 +1237,6 @@ function Test-TargetResource } } - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $ValuesToCheck.Remove('Id') | Out-Null - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -1369,7 +1350,7 @@ function Export-TargetResource if ($Results.CompliantAppsList) { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.CompliantAppsList -CIMInstanceName MicrosoftGraphapplistitem + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.CompliantAppsList -CIMInstanceName MicrosoftGraphapplistitemMacOS if ($complexTypeStringResult) { $Results.CompliantAppsList = $complexTypeStringResult @@ -1450,7 +1431,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 index 97f2ac3cf9..ad15fbea40 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 @@ -4906,7 +4906,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index c79ae6eccb..49a1e9470d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -3342,7 +3342,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationScepCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationScepCertificatePolicyWindows10.psm1 index 8c775e6490..d4e2473c17 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationScepCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationScepCertificatePolicyWindows10.psm1 @@ -887,7 +887,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 index 56c34131c0..5cb9cffc30 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 @@ -647,7 +647,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 index 75fcb8dcf9..33c280def7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 @@ -889,7 +889,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 index e5fc00b556..39ca6a3373 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 @@ -582,7 +582,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 index ee73f6a506..0300372ebe 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 @@ -1282,7 +1282,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 index 7a41b0f83a..f2b3f6f663 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 @@ -833,7 +833,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 index 87a26a986e..e21c224eb0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 @@ -1003,7 +1003,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Message: Location header not present in redirection response.*") + $_.Exception -like "*Message: Location header not present in redirection response.*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 index 8f434a1157..2cadeaec76 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 @@ -377,7 +377,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 99eb5b034f..7214303fba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -836,7 +836,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 index 4446a78d41..c737bd8164 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 @@ -725,7 +725,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 index d5bc1f3b75..63e818f7af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 @@ -621,7 +621,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 index ff596c77ce..8811c5d473 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 @@ -629,7 +629,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 index dd44300fdd..ac20b8c259 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 @@ -657,7 +657,8 @@ function Export-TargetResource catch { if ($_.Exception -like "*401*" -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or - $_.Exception -like "* Unauthorized*") + $_.Exception -like "* Unauthorized*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 index 802529ca5d..058a2e58d7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 @@ -706,7 +706,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 index b55c306699..2c0ee65b94 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 @@ -549,7 +549,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 index a059ab3082..5fff32e897 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 @@ -920,7 +920,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 index a9f1efca80..1a6ce88633 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 @@ -712,7 +712,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 index 8d927a3752..550848afb0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -682,7 +682,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 index 889e5adde9..e76afffc7c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 @@ -760,7 +760,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 index 64aaa0003b..a053896d55 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 @@ -673,7 +673,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index e8cfd5d709..65f8ed0088 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -672,7 +672,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index a5e7d85e15..70ed28d0bf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -698,7 +698,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index c52e9d88a4..e710718398 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 @@ -753,7 +753,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index 47699b2efa..d1bf3f164c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -739,7 +739,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index 645971ff45..62701eca3b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -782,7 +782,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 index c19fb4f998..5b4a09bf94 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 @@ -753,7 +753,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 index 605ad7f2fd..f6a4bad9e8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 @@ -767,7 +767,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 382ee4d4cd..bb6d409c7a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -1242,7 +1242,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 index b9127d417c..c4968c1c6f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 @@ -600,7 +600,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 index 7460e0682a..d1e424eab5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 @@ -1190,7 +1190,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index 9338fb505c..b53aa10630 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -1094,20 +1094,29 @@ function Get-M365DSCO365OrgSettingsPlannerConfig try { $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + "/taskAPI/tenantAdminSettings/Settings"; + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $results = Invoke-RestMethod -ContentType "application/json;odata.metadata=full" ` -Headers @{"Accept"="application/json"; "Authorization"=$Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; "Accept-Charset"="UTF-8"; "OData-Version"="4.0;NetFx"; "OData-MaxVersion"="4.0;NetFx"} ` -Method GET ` - $Uri + $Uri -ErrorAction Stop return $results } catch { - Write-Verbose -Message "Not able to retrieve Office 365 Planner Settings. Please ensure correct permissions have been granted." - New-M365DSCLogEntry -Message 'Error updating Office 365 Planner Settings' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + if ($_.Exception.Message -eq 'The request was aborted: Could not create SSL/TLS secure channel.') + { + Write-Warning -Message "Could not create SSL/TLS secure channel. Skipping the Planner settings." + } + else + { + Write-Verbose -Message "Not able to retrieve Office 365 Planner Settings. Please ensure correct permissions have been granted." + New-M365DSCLogEntry -Message 'Error updating Office 365 Planner Settings' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + return $null } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 index db2a33427a..0781697a0d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 @@ -64,12 +64,23 @@ function Get-TargetResource $itemInsightsDisabledForGroupValue = $group.DisplayName } - $PersonInsights = Get-MgBetaOrganizationSettingPersonInsight -OrganizationId $TenantId - $PersonInsightsDisabledForGroupValue = $null - if (-not [System.String]::IsNullOrEmpty($PersonInsights.DisabledForGroup)) + try + { + $PersonInsights = Get-MgBetaOrganizationSettingPersonInsight -OrganizationId $TenantId ` + -ErrorAction Stop + $PersonInsightsDisabledForGroupValue = $null + if (-not [System.String]::IsNullOrEmpty($PersonInsights.DisabledForGroup)) + { + $group = Get-MgGroup -GroupId ($PersonInsights.DisabledForGroup) + $PersonInsightsDisabledForGroupValue = $group.DisplayName + } + } + catch { - $group = Get-MgGroup -GroupId ($PersonInsights.DisabledForGroup) - $PersonInsightsDisabledForGroupValue = $group.DisplayName + if ($_.Exception.Message -eq "[BadRequest] : Resource not found for the segment 'peopleInsights'.") + { + Write-Warning -Message "The peopleInsights segment is not available in the selected environment." + } } return @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 index c5f862d125..802b37e1fc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 @@ -49,13 +49,20 @@ function Get-TargetResource } catch { - Write-Host $Global:M365DSCEmojiRedX - - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + if ($_.Exception.Message -like "*Resource not found.*") + { + Write-Warning -Message "The API doesn't exist for the selected environment." + } + else + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } return $nullReturn } @@ -189,16 +196,19 @@ function Export-TargetResource } $Results = Get-TargetResource @Params - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - $dscContent += $currentDSCBlock - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName + if ($Results.Ensure -eq 'Present') + { + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + } Write-Host $Global:M365DSCEmojiGreenCheckMark return $dscContent diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 8ee78e7e70..7da937491b 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -78,7 +78,7 @@ }, @{ ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' - RequiredVersion = '2.0.177' + RequiredVersion = '2.0.178' }, @{ ModuleName = 'MicrosoftTeams' @@ -86,7 +86,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.4" + RequiredVersion = "1.1.7" }, @{ ModuleName = 'PnP.PowerShell' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/3-Remove.ps1 deleted file mode 100644 index 530ac0e032..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/3-Remove.ps1 +++ /dev/null @@ -1,28 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - AADAttributeSet "AADAttributeSetTest" - { - Credential = $credsCredential; - Description = "Attribute set with 420 attributes"; - Ensure = "Absent"; - Id = "TestAttributeSet"; - MaxAttributesPerSet = 300; # Updated Property - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 index b40aee5124..902a3e01e3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 @@ -23,7 +23,7 @@ Configuration Example DisplayName = "My Context"; Ensure = "Present"; Id = "c3"; - IsAvailable = $True; + IsAvailable = $False; # Updated Property } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 deleted file mode 100644 index fccaab7aff..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 +++ /dev/null @@ -1,42 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" - { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; - DisplayName = "Authentication Methods Policy"; - Ensure = "Present"; - Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "migrationInProgress"; - PolicyVersion = "1.5"; - RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ - AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 - IncludeTargets = @( - MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ - TargetedAuthenticationMethod = 'microsoftAuthenticator' - TargetType = 'group' - Id = 'all_users' - } - ) - State = 'default' - } - }; - Credential = $credsCredential; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 index 906e101085..3ad69bbb1d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 @@ -17,7 +17,6 @@ Configuration Example { AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" { - Description = "Updated"; # Updated Property DisplayName = "Authentication Methods Policy"; Ensure = "Present"; Id = "authenticationMethodsPolicy"; @@ -25,7 +24,7 @@ Configuration Example PolicyVersion = "1.5"; RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 + SnoozeDurationInDays = (Get-Random -Minimum 1 -Maximum 14) IncludeTargets = @( MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ TargetedAuthenticationMethod = 'microsoftAuthenticator' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/3-Remove.ps1 deleted file mode 100644 index 4d2777f8cd..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/3-Remove.ps1 +++ /dev/null @@ -1,27 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" - { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; - DisplayName = "Authentication Methods Policy"; - Ensure = "Absent"; - Id = "authenticationMethodsPolicy"; - Credential = $credsCredential; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 index e5249bc9b3..cd3382cfa8 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 @@ -21,7 +21,7 @@ Configuration Example Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Finance Team' # Updated Property + Id = 'Executives' # Updated Property TargetType = 'group' } ); diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 index 8ebd005c43..9e05e83498 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 @@ -19,6 +19,7 @@ Configuration Example { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @(@()) }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ @@ -41,7 +42,7 @@ Configuration Example Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'DSCGroup' + Id = 'Sales Team' TargetType = 'group' } ); diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 index 8ebd005c43..47ee911aea 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 @@ -19,6 +19,7 @@ Configuration Example { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @() }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 index 59adad1221..6693440a4a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 @@ -20,7 +20,7 @@ Configuration Example ApplicationEnforcedRestrictionsIsEnabled = $False; BuiltInControls = @("mfa"); ClientAppTypes = @("all"); - CloudAppSecurityIsEnabled = $True; # Updated Porperty + CloudAppSecurityIsEnabled = $False; Credential = $Credscredential; DeviceFilterMode = "exclude"; DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; @@ -34,7 +34,7 @@ Configuration Example SignInFrequencyInterval = "timeBased"; SignInFrequencyIsEnabled = $True; SignInFrequencyType = "hours"; - SignInFrequencyValue = 1; + SignInFrequencyValue = 2; # Updated Porperty State = "disabled"; } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 index 6529f1c087..2507ef22a3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 @@ -16,7 +16,7 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' Ensure = 'Absent' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 index a76ea022c8..17397660a0 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 @@ -11,6 +11,7 @@ Configuration Example $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { @@ -23,6 +24,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 index a2f4d5c942..0a2a11f894 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 @@ -11,7 +11,7 @@ Configuration Example $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC - + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADGroup 'MyGroups' @@ -23,6 +23,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 index 9131d0a4e7..fbfb5574ca 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 @@ -19,15 +19,15 @@ Configuration Example { AADRoleEligibilityScheduleRequest "MyRequest" { - Action = "AdminAssign"; + Action = "AdminUpdate"; Credential = $Credscredential; DirectoryScopeId = "/"; Ensure = "Present"; - IsValidationOnly = $True; # Updated Property + IsValidationOnly = $False; Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { - startDateTime = '2023-09-01T02:40:44Z' + startDateTime = '2023-09-01T02:45:44Z' # Updated Property expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration { endDateTime = '2025-10-31T02:40:09Z' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/3-Remove.ps1 deleted file mode 100644 index 1553543bfe..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/3-Remove.ps1 +++ /dev/null @@ -1,62 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADRoleSetting 28b253d8-cde5-471f-a331-fe7320023cdd - { - ActivateApprover = @(); - ActivationMaxDuration = "PT8H"; - ActivationReqJustification = $False; # Updated Property - ActivationReqMFA = $False; - ActivationReqTicket = $False; - ActiveAlertNotificationAdditionalRecipient = @(); - ActiveAlertNotificationDefaultRecipient = $True; - ActiveAlertNotificationOnlyCritical = $False; - ActiveApproveNotificationAdditionalRecipient = @(); - ActiveApproveNotificationDefaultRecipient = $True; - ActiveApproveNotificationOnlyCritical = $False; - ActiveAssigneeNotificationAdditionalRecipient = @(); - ActiveAssigneeNotificationDefaultRecipient = $True; - ActiveAssigneeNotificationOnlyCritical = $False; - ApprovaltoActivate = $False; - AssignmentReqJustification = $True; - AssignmentReqMFA = $False; - Displayname = "Application Administrator"; - ElegibilityAssignmentReqJustification = $False; - ElegibilityAssignmentReqMFA = $False; - EligibleAlertNotificationAdditionalRecipient = @(); - EligibleAlertNotificationDefaultRecipient = $True; - EligibleAlertNotificationOnlyCritical = $False; - EligibleApproveNotificationAdditionalRecipient = @(); - EligibleApproveNotificationDefaultRecipient = $True; - EligibleApproveNotificationOnlyCritical = $False; - EligibleAssigneeNotificationAdditionalRecipient = @(); - EligibleAssigneeNotificationDefaultRecipient = $True; - EligibleAssigneeNotificationOnlyCritical = $False; - EligibleAssignmentAlertNotificationAdditionalRecipient = @(); - EligibleAssignmentAlertNotificationDefaultRecipient = $True; - EligibleAssignmentAlertNotificationOnlyCritical = $False; - EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); - EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; - EligibleAssignmentAssigneeNotificationOnlyCritical = $False; - ExpireActiveAssignment = "P180D"; - ExpireEligibleAssignment = "P365D"; - PermanentActiveAssignmentisExpirationRequired = $False; - PermanentEligibleAssignmentisExpirationRequired = $False; - Credential = $Credscredential - Ensure = 'Absent' - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 index 2be911cf20..50f0db3935 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 @@ -16,8 +16,8 @@ Configuration Example { AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" + AppId = "AppDisplayName" + DisplayName = "AppDisplayName" Ensure = "Absent" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 index 4709f7fc07..09a729a235 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 @@ -13,12 +13,10 @@ Configuration Example { Node Localhost { - AADTenantDetails 'ÇonfigureTenantDetails' + AADTenantDetails 'ConfigureTenantDetails' { IsSingleInstance = 'Yes' TechnicalNotificationMails = "example@contoso.com" - SecurityComplianceNotificationPhones = "+1123456789" - SecurityComplianceNotificationMails = "example@contoso.com" MarketingNotificationEmails = "example@contoso.com" Credential = $credsCredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/1-Create.ps1 new file mode 100644 index 0000000000..886fe687b7 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/1-Create.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + { + DisplayName = "PolicyDisplayName" + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); + IsOrganizationDefault = $false + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/2-Update.ps1 index f2368d068c..729710ea27 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/2-Update.ps1 @@ -14,11 +14,11 @@ Configuration Example node localhost { - AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + AADTokenLifetimePolicy 'SetTokenLifetimePolicy' { DisplayName = "PolicyDisplayName" - Definition = @('{"TokenIssuancePolicy":{"Version": 1,"SigningAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1","TokenResponseSigningPolicy": "TokenOnly","SamlTokenVersion": "2.0"}}') - IsOrganizationDefault = $false + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); + IsOrganizationDefault = $true # Updated Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 index 30f6a7acb5..72667e151b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 @@ -18,6 +18,7 @@ Configuration Example AADUser 'ConfigureJohnSMith' { UserPrincipalName = "John.Smith@$Domain" + DisplayName = "John J. Smith" Ensure = "Absent" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 7f2b2f7538..3715c9ef21 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-01-10 +# Generated on: 2024-01-17 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.110.1' + ModuleVersion = '1.24.117.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -141,31 +141,31 @@ # ReleaseNotes of this module ReleaseNotes = '* AADAdministrativeUnit - * Fix the Update logic flow to get around a bug in Microsoft.Graph 2.11.1. - * AADAuthenticationMethodPolicyX509 - * Added support for the property for include targets + * Used generic Graph API URL from MSCloudLoginConnectionProfile. + * AADApplication + * Ignore Permissions in tests if not passed. Preventing null comparison errors. + * AADAttributeSet + * Removed the ability to specify a value of Absent for the Ensure property. * AADConditionalAccessPolicy - * Added support for application filters in the conditions. - * Implement Fix #3885. Manage Exclude Application. - FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] - * AADGroupOwnerConsentSettings - * Initial release - Implements [#4112](https://github.com/microsoft/Microsoft365DSC/issues/4112) - * EXOHostedContentFilterPolicy - * Fix issue on parameters AllowedSenders, AllowedSenderDomains, BlockedSenders, - BlockSenderDomains if desired state is empty but current state is not empty. - FIXES[#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124) - * EXOMailContact - * Added support for Custom Attributes and Extension Custom Attributes. + * Fixes an error where the ApplicationEnforcedRestrictionsIsEnabled parameter + was always set to false in scenarios where it should have been null. + * AADAuthenticationMethodPolicy + * Removed the ability to specify a value of Absent for the Ensure property. + * AADAuthenticationMethodPolicyX509 + * Fix the way we returned an empty rule set from the Get method. This caused + the Test-TargetResource method to return true even when instances matched. + * AADRoleSetting + * Removed the ability to specify a value of Absent for the Ensure property. + * EXOAntiPhishPolicy + * Add support for HonorDmarcPolicy parameter + FIXES [[#4138](https://github.com/microsoft/Microsoft365DSC/issues/4138)] * IntuneDeviceConfigurationPolicyMacOS - * Fix workaround added on PR #4099 in order to be able to use this resource - for deployments - FIXES [#4105](https://github.com/microsoft/Microsoft365DSC/issues/4105) - * SCDLPComplianceRule - * Fix type of AccessScope - FIXES [#3463](https://github.com/microsoft/Microsoft365DSC/issues/3463) - * TeamsTenantDialPlan - * FIXES [#3767](https://github.com/microsoft/Microsoft365DSC/issues/3767)' + * Fix CIM instances comparison in Test-TargetResource and export + CompliantAppsList with the correct type + FIXES [#4144](https://github.com/microsoft/Microsoft365DSC/issues/4144) + * DEPENDENCIES + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. + * Updated MSCloudLoginAssistant to version 1.1.6.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 2a7a150752..2af67080d1 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -54,16 +54,21 @@ function Rename-M365DSCCimInstanceParameter ) $result = $Properties - $type = $Properties.getType().FullName - #region Array if ($type -like '*[[\]]') { $values = @() foreach ($item in $Properties) { - $values += Rename-M365DSCCimInstanceParameter $item -KeyMapping $KeyMapping + try + { + $values += Rename-M365DSCCimInstanceParameter $item -KeyMapping $KeyMapping + } + catch + { + Write-Verbose -Message "Error getting values for item {$item}" + } } $result = $values @@ -81,6 +86,7 @@ function Rename-M365DSCCimInstanceParameter { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) @@ -90,10 +96,22 @@ function Rename-M365DSCCimInstanceParameter } $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property -KeyMapping $KeyMapping)) + try + { + $subValue = Rename-M365DSCCimInstanceParameter $property -KeyMapping $KeyMapping + if ($null -ne $subValue) + { + $hashProperties.add($keyName, $subValue) + } + } + catch + { + Write-Verbose -Message "Error adding $property" + } } } $result = $hashProperties diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index ec021a850f..1d417c6905 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -82,29 +82,6 @@ Id = "c3"; IsAvailable = $True; } - AADAuthenticationMethodPolicy 'AADAuthenticationMethodPolicy-Authentication Methods Policy' - { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; - DisplayName = "Authentication Methods Policy"; - Ensure = "Present"; - Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "migrationInProgress"; - PolicyVersion = "1.5"; - RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ - AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 - IncludeTargets = @( - MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ - TargetedAuthenticationMethod = 'microsoftAuthenticator' - TargetType = 'group' - Id = 'all_users' - } - ) - State = 'default' - } - }; - Credential = $credsCredential; - } AADAuthenticationMethodPolicyAuthenticator 'AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator' { Credential = $Credscredential; @@ -114,17 +91,9 @@ Id = 'Legal Team' TargetType = 'group' } - MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Paralegals' - TargetType = 'group' - } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -132,10 +101,6 @@ State = 'default' } CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -143,10 +108,6 @@ State = 'default' } DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -306,6 +267,7 @@ { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @(@()) }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ @@ -328,7 +290,7 @@ Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'DSCGroup' + Id = 'Sales Team' TargetType = 'group' } ); @@ -489,6 +451,7 @@ GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } @@ -554,6 +517,14 @@ Ensure = "Present"; IdentityProviderType = "Google"; } + AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + { + DisplayName = "PolicyDisplayName" + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); + IsOrganizationDefault = $false + Ensure = "Present" + Credential = $Credscredential + } AADUser 'ConfigureJohnSMith' { UserPrincipalName = "John.Smith@$Domain" diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 new file mode 100644 index 0000000000..6f5166aed9 --- /dev/null +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 @@ -0,0 +1,325 @@ + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential + ) + + Configuration Master + { + param + ( + [Parameter(Mandatory = $true)] + [System.Management.Automation.PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] + Node Localhost + { + AADAdministrativeUnit 'TestUnit' + { + DisplayName = 'Test-Unit' + Ensure = 'Absent' + Credential = $Credscredential + } + AADApplication 'AADApp1' + { + DisplayName = "AppDisplayName" + Ensure = "Absent" + Credential = $Credscredential + } + AADAuthenticationContextClassReference 'AADAuthenticationContextClassReference-Test' + { + Credential = $credsCredential; + Description = "Context test Updated"; # Updated Property + DisplayName = "My Context"; + Ensure = "Absent"; + Id = "c3"; + IsAvailable = $True; + } + AADAuthenticationMethodPolicyAuthenticator 'AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator' + { + Ensure = "Absent"; + Id = "MicrosoftAuthenticator"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'fakegroup6' + TargetType = 'group' + } + ); + IsSoftwareOathEnabled = $True; # Updated Property + State = "enabled"; + Credential = $credsCredential; + } + AADAuthenticationMethodPolicyEmail 'AADAuthenticationMethodPolicyEmail-Email' + { + Ensure = "Absent"; + Id = "Email"; + State = "disabled"; # Updated Property + Credential = $credsCredential; + } + AADAuthenticationMethodPolicyFido2 'AADAuthenticationMethodPolicyFido2-Fido2' + { + Ensure = "Absent"; + Id = "Fido2"; + Credential = $credsCredential; + } + AADAuthenticationMethodPolicySms 'AADAuthenticationMethodPolicySms-Sms' + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "Sms"; + } + AADAuthenticationMethodPolicySoftware 'AADAuthenticationMethodPolicySoftware-SoftwareOath' + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "SoftwareOath"; + } + AADAuthenticationMethodPolicyTemporary 'AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass' + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "TemporaryAccessPass"; + } + AADAuthenticationMethodPolicyVoice 'AADAuthenticationMethodPolicyVoice-Voice' + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "Voice"; + } + AADAuthenticationMethodPolicyX509 'AADAuthenticationMethodPolicyX509-X509Certificate' + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "X509Certificate"; + } + AADAuthenticationStrengthPolicy 'AADAuthenticationStrengthPolicy-Example' + { + DisplayName = "Example"; + Ensure = "Absent"; + Credential = $Credscredential; + } + AADConditionalAccessPolicy 'Allin-example' + { + DisplayName = 'Allin-example' + Ensure = 'Absent' + Credential = $Credscredential + } + AADCrossTenantAccessPolicy 'AADCrossTenantAccessPolicy' + { + AllowedCloudEndpoints = @("microsoftonline.us"); + Credential = $Credscredential; + DisplayName = "MyXTAPPolicy"; + Ensure = "Absent"; + IsSingleInstance = "Yes"; + } + AADCrossTenantAccessPolicyConfigurationDefault 'AADCrossTenantAccessPolicyConfigurationDefault' + { + Credential = $Credscredential; + Ensure = "Absent"; + IsSingleInstance = "Yes"; + } + AADCrossTenantAccessPolicyConfigurationPartner 'AADCrossTenantAccessPolicyConfigurationPartner' + { + Credential = $Credscredential; + Ensure = "Absent"; + PartnerTenantId = "12345-12345-12345-12345-12345"; + } + AADEntitlementManagementAccessPackage 'myAccessPackage' + { + DisplayName = 'General' + Ensure = 'Absent' + Credential = $Credscredential + } + AADEntitlementManagementAccessPackageAssignmentPolicy 'myAssignmentPolicyWithAccessReviewsSettings' + { + DisplayName = "External tenant"; + Ensure = "Absent" + Credential = $Credscredential + } + AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' + { + DisplayName = 'My Catalog' + Ensure = 'Absent' + Credential = $Credscredential + } + AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' + { + DisplayName = 'Communication site' + Ensure = 'Absent' + Credential = $Credscredential + } + AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' + { + DisplayName = "Test Tenant - DSC"; + Ensure = "Absent" + Credential = $Credscredential + } + AADGroup 'MyGroups' + { + MailNickname = "M365DSC" + SecurityEnabled = $True + MailEnabled = $True + DisplayName = "DSCGroup" + Ensure = "Absent" + Credential = $Credscredential + } + AADGroupLifecyclePolicy 'GroupLifecyclePolicy' + { + IsSingleInstance = "Yes" + AlternateNotificationEmails = @("john.smith@contoso.com") + GroupLifetimeInDays = 99 + ManagedGroupTypes = "Selected" + Ensure = "Absent" + Credential = $Credscredential + } + AADGroupsNamingPolicy 'GroupsNamingPolicy' + { + IsSingleInstance = "Yes" + Ensure = "Absent" + Credential = $Credscredential + } + AADGroupsSettings 'GeneralGroupsSettings' + { + IsSingleInstance = "Yes" + Ensure = "Absent" + Credential = $Credscredential + } + AADNamedLocationPolicy 'CompanyNetwork' + { + DisplayName = "Company Network" + Ensure = "Absent" + Credential = $Credscredential + } + AADRoleDefinition 'AADRoleDefinition1' + { + IsEnabled = $true + RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read" + DisplayName = "DSCRole1" + Ensure = "Absent" + Credential = $Credscredential + } + AADRoleEligibilityScheduleRequest 'MyRequest' + { + Action = "AdminAssign"; + Credential = $Credscredential; + DirectoryScopeId = "/"; + Ensure = "Absent"; + IsValidationOnly = $True; # Updated Property + Principal = "John.Smith@$OrganizationName"; + RoleDefinition = "Teams Communications Administrator"; + ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { + startDateTime = '2023-09-01T02:40:44Z' + expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration + { + endDateTime = '2025-10-31T02:40:09Z' + type = 'afterDateTime' + } + }; + } + AADRoleSetting '28b253d8-cde5-471f-a331-fe7320023cdd' + { + ActivateApprover = @(); + ActivationMaxDuration = "PT8H"; + ActivationReqJustification = $False; # Updated Property + ActivationReqMFA = $False; + ActivationReqTicket = $False; + ActiveAlertNotificationAdditionalRecipient = @(); + ActiveAlertNotificationDefaultRecipient = $True; + ActiveAlertNotificationOnlyCritical = $False; + ActiveApproveNotificationAdditionalRecipient = @(); + ActiveApproveNotificationDefaultRecipient = $True; + ActiveApproveNotificationOnlyCritical = $False; + ActiveAssigneeNotificationAdditionalRecipient = @(); + ActiveAssigneeNotificationDefaultRecipient = $True; + ActiveAssigneeNotificationOnlyCritical = $False; + ApprovaltoActivate = $False; + AssignmentReqJustification = $True; + AssignmentReqMFA = $False; + Displayname = "Application Administrator"; + ElegibilityAssignmentReqJustification = $False; + ElegibilityAssignmentReqMFA = $False; + EligibleAlertNotificationAdditionalRecipient = @(); + EligibleAlertNotificationDefaultRecipient = $True; + EligibleAlertNotificationOnlyCritical = $False; + EligibleApproveNotificationAdditionalRecipient = @(); + EligibleApproveNotificationDefaultRecipient = $True; + EligibleApproveNotificationOnlyCritical = $False; + EligibleAssigneeNotificationAdditionalRecipient = @(); + EligibleAssigneeNotificationDefaultRecipient = $True; + EligibleAssigneeNotificationOnlyCritical = $False; + EligibleAssignmentAlertNotificationAdditionalRecipient = @(); + EligibleAssignmentAlertNotificationDefaultRecipient = $True; + EligibleAssignmentAlertNotificationOnlyCritical = $False; + EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); + EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; + EligibleAssignmentAssigneeNotificationOnlyCritical = $False; + ExpireActiveAssignment = "P180D"; + ExpireEligibleAssignment = "P365D"; + PermanentActiveAssignmentisExpirationRequired = $False; + PermanentEligibleAssignmentisExpirationRequired = $False; + Credential = $Credscredential + Ensure = 'Absent' + } + AADSecurityDefaults 'Defaults' + { + Credential = $Credscredential; + Description = "Security defaults is a set of basic identity security mechanisms recommended by Microsoft. When enabled, these recommendations will be automatically enforced in your organization. Administrators and users will be better protected from common identity related attacks."; + DisplayName = "Security Defaults"; + IsEnabled = $True; + IsSingleInstance = "Yes"; + } + AADServicePrincipal 'AADServicePrincipal' + { + AppId = "AppDisplayName" + DisplayName = "AppDisplayName" + Ensure = "Absent" + Credential = $Credscredential + } + AADSocialIdentityProvider 'AADSocialIdentityProvider-Google' + { + ClientId = "Google-OAUTH"; + ClientSecret = "FakeSecret-Updated"; # Updated Property + Credential = $credsCredential; + DisplayName = "My Google Provider"; + Ensure = "Absent"; + IdentityProviderType = "Google"; + } + AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + { + DisplayName = "PolicyDisplayName" + Ensure = "Absent" + Credential = $Credscredential + } + AADUser 'ConfigureJohnSMith' + { + UserPrincipalName = "John.Smith@$Domain" + DisplayName = "John J. Smith" + Ensure = "Absent" + Credential = $Credscredential + } + } + } + + $ConfigurationData = @{ + AllNodes = @( + @{ + NodeName = "Localhost" + PSDSCAllowPlaintextPassword = $true + } + ) + } + + # Compile and deploy configuration + try + { + Master -ConfigurationData $ConfigurationData -Credscredential $Credential + Start-DscConfiguration Master -Wait -Force -Verbose -ErrorAction Stop + } + catch + { + throw $_ + } diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index dd39063f6d..ef2eeadf00 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -79,11 +79,10 @@ DisplayName = "My Context"; Ensure = "Present"; Id = "c3"; - IsAvailable = $True; + IsAvailable = $False; # Updated Property } AADAuthenticationMethodPolicy 'AADAuthenticationMethodPolicy-Authentication Methods Policy' { - Description = "Updated"; # Updated Property DisplayName = "Authentication Methods Policy"; Ensure = "Present"; Id = "authenticationMethodsPolicy"; @@ -91,7 +90,7 @@ PolicyVersion = "1.5"; RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 + SnoozeDurationInDays = (Get-Random -Minimum 1 -Maximum 14) IncludeTargets = @( MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ TargetedAuthenticationMethod = 'microsoftAuthenticator' @@ -110,20 +109,12 @@ Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Legal Team' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Paralegals' + Id = 'Executives' # Updated Property TargetType = 'group' } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -131,10 +122,6 @@ State = 'default' } CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -142,10 +129,6 @@ State = 'default' } DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -164,7 +147,7 @@ TargetType = 'group' } ); - IsSoftwareOathEnabled = $True; # Updated Property + IsSoftwareOathEnabled = $False; State = "enabled"; } AADAuthenticationMethodPolicyEmail 'AADAuthenticationMethodPolicyEmail-Email' @@ -305,6 +288,7 @@ { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @() }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ @@ -338,7 +322,7 @@ TargetType = 'group' } ); - State = "disabled"; # Updated Property + State = "enabled"; } AADAuthenticationStrengthPolicy 'AADAuthenticationStrengthPolicy-Example' { @@ -371,7 +355,7 @@ ApplicationEnforcedRestrictionsIsEnabled = $False; BuiltInControls = @("mfa"); ClientAppTypes = @("all"); - CloudAppSecurityIsEnabled = $True; # Updated Porperty + CloudAppSecurityIsEnabled = $False; Credential = $Credscredential; DeviceFilterMode = "exclude"; DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; @@ -385,7 +369,7 @@ SignInFrequencyInterval = "timeBased"; SignInFrequencyIsEnabled = $True; SignInFrequencyType = "hours"; - SignInFrequencyValue = 1; + SignInFrequencyValue = 2; # Updated Porperty State = "disabled"; } AADCrossTenantAccessPolicy 'AADCrossTenantAccessPolicy' @@ -576,7 +560,6 @@ OriginSystem = 'SharePointOnline' ResourceType = 'SharePoint Online Site' Url = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" - Url = "https://$Domain.sharepoint.com/sites/HumanResources" Ensure = 'Present' Credential = $Credscredential } @@ -613,6 +596,7 @@ GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } @@ -668,15 +652,15 @@ } AADRoleEligibilityScheduleRequest 'MyRequest' { - Action = "AdminAssign"; + Action = "AdminUpdate"; Credential = $Credscredential; DirectoryScopeId = "/"; Ensure = "Present"; - IsValidationOnly = $True; # Updated Property + IsValidationOnly = $False; Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { - startDateTime = '2023-09-01T02:40:44Z' + startDateTime = '2023-09-01T02:45:44Z' # Updated Property expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration { endDateTime = '2025-10-31T02:40:09Z' @@ -752,20 +736,18 @@ Ensure = "Present"; IdentityProviderType = "Google"; } - AADTenantDetails 'ÇonfigureTenantDetails' + AADTenantDetails 'ConfigureTenantDetails' { IsSingleInstance = 'Yes' TechnicalNotificationMails = "example@contoso.com" - SecurityComplianceNotificationPhones = "+1123456789" - SecurityComplianceNotificationMails = "example@contoso.com" MarketingNotificationEmails = "example@contoso.com" Credential = $credsCredential } - AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + AADTokenLifetimePolicy 'SetTokenLifetimePolicy' { DisplayName = "PolicyDisplayName" - Definition = @('{"TokenIssuancePolicy":{"Version": 1,"SigningAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1","TokenResponseSigningPolicy": "TokenOnly","SamlTokenVersion": "2.0"}}') - IsOrganizationDefault = $false + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); + IsOrganizationDefault = $true # Updated Ensure = "Present" Credential = $Credscredential } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 index 77d7ff00a1..d9766a734b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 @@ -158,7 +158,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should Remove the AU from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaDirectoryAdministrativeUnit -Exactly 1 + Should -Invoke -CommandName Invoke-MgGraphRequest -Exactly 1 } } Context -Name 'The AU Exists and Values are already in the desired state' -Fixture { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAttributeSet.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAttributeSet.Tests.ps1 index 3750d5d3ad..9cb8c15afd 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAttributeSet.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAttributeSet.Tests.ps1 @@ -64,38 +64,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The instance exists but it SHOULD NOT" -Fixture { - BeforeAll { - $testParams = @{ - Description = "This is my super context test"; - MaxAttributesPerSet = 420; - Ensure = "Absent"; - Id = "c3"; - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaDirectoryAttributeSet -MockWith { - return @{ - Description = "This is my super context test"; - MaxAttributesPerSet = 420; - Id = "c3"; - } - } - } - - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should Remove the group from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaDirectoryAttributeSet -Exactly 1 - } - } + Context -Name "The instance exists and values are already in the desired state" -Fixture { BeforeAll { $testParams = @{ diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 index 9d4ad3d0d2..fef35051c8 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 @@ -101,116 +101,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The AADAuthenticationMethodPolicy exists but it SHOULD NOT" -Fixture { - BeforeAll { - $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 25 - RegistrationEnforcement = (New-CimInstance -ClassName MSFT_MicrosoftGraphregistrationEnforcement -Property @{ - AuthenticationMethodsRegistrationCampaign = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaign -Property @{ - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaignIncludeTarget -Property @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } -ClientOnly) - ) - State = "default" - SnoozeDurationInDays = 25 - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - } -ClientOnly) - SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ - State = "default" - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - Ensure = 'Absent' - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { - return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.AuthenticationMethodsPolicy" - } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 25 - RegistrationEnforcement = @{ - AuthenticationMethodsRegistrationCampaign = @{ - IncludeTargets = @( - @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } - ) - State = "default" - SnoozeDurationInDays = 25 - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } - } - SystemCredentialPreferences = @{ - State = "default" - IncludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } - - } - } - } - - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should Remove the group from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaPolicyAuthenticationMethodPolicy -Exactly 1 - } - } Context -Name "The AADAuthenticationMethodPolicy Exists and Values are already in the desired state" -Fixture { BeforeAll { $testParams = @{ diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 index e9548f18af..b1fbf8669a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 @@ -171,7 +171,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should return Present from the Get method' { - (Get-TargetResource @testParams -Verbose).Ensure | Should -Be 'Present' + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } It 'Should return false from the Test method' { diff --git a/docs/docs/resources/azure-ad/AADAttributeSet.md b/docs/docs/resources/azure-ad/AADAttributeSet.md index bce314c714..d1a5acb36d 100644 --- a/docs/docs/resources/azure-ad/AADAttributeSet.md +++ b/docs/docs/resources/azure-ad/AADAttributeSet.md @@ -7,7 +7,7 @@ | **Id** | Key | String | Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive | | | **Description** | Write | String | Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive | | | **MaxAttributesPerSet** | Write | UInt32 | Maximum number of custom security attributes that can be defined in this attribute set. Default value is null. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. Can be changed later. | | -| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present` | | **Credential** | Write | PSCredential | Credentials of the Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -110,34 +110,3 @@ Configuration Example } ``` -### Example 3 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - AADAttributeSet "AADAttributeSetTest" - { - Credential = $credsCredential; - Description = "Attribute set with 420 attributes"; - Ensure = "Absent"; - Id = "TestAttributeSet"; - MaxAttributesPerSet = 300; # Updated Property - } - } -} -``` - diff --git a/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md b/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md index 27a6544b8d..549b6972d2 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md @@ -107,7 +107,7 @@ Configuration Example DisplayName = "My Context"; Ensure = "Present"; Id = "c3"; - IsAvailable = $True; + IsAvailable = $False; # Updated Property } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md index fe416dd6e3..ec03f95a07 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md @@ -12,7 +12,7 @@ | **RegistrationEnforcement** | Write | MSFT_MicrosoftGraphregistrationEnforcement | Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods. | | | **SystemCredentialPreferences** | Write | MSFT_MicrosoftGraphsystemCredentialPreferences | Prompt users with their most-preferred credential for multifactor authentication. | | | **Id** | Write | String | The unique identifier for an entity. Read-only. | | -| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present` | | **Credential** | Write | PSCredential | Credentials of the Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -139,7 +139,6 @@ Configuration Example { AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; DisplayName = "Authentication Methods Policy"; Ensure = "Present"; Id = "authenticationMethodsPolicy"; @@ -147,7 +146,7 @@ Configuration Example PolicyVersion = "1.5"; RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 + SnoozeDurationInDays = (Get-Random -Minimum 1 -Maximum 14) IncludeTargets = @( MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ TargetedAuthenticationMethod = 'microsoftAuthenticator' @@ -164,78 +163,3 @@ Configuration Example } ``` -### Example 2 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" - { - Description = "Updated"; # Updated Property - DisplayName = "Authentication Methods Policy"; - Ensure = "Present"; - Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "migrationInProgress"; - PolicyVersion = "1.5"; - RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ - AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 - IncludeTargets = @( - MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ - TargetedAuthenticationMethod = 'microsoftAuthenticator' - TargetType = 'group' - Id = 'all_users' - } - ) - State = 'default' - } - }; - Credential = $credsCredential; - } - } -} -``` - -### Example 3 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" - { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; - DisplayName = "Authentication Methods Policy"; - Ensure = "Absent"; - Id = "authenticationMethodsPolicy"; - Credential = $credsCredential; - } - } -} -``` - diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md index ddebf6dff2..14cbb25b2e 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md @@ -192,7 +192,7 @@ Configuration Example Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Finance Team' # Updated Property + Id = 'Executives' # Updated Property TargetType = 'group' } ); diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md index d7b1e36665..501599cef5 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md @@ -121,6 +121,7 @@ Configuration Example { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @(@()) }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ @@ -143,7 +144,7 @@ Configuration Example Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'DSCGroup' + Id = 'Sales Team' TargetType = 'group' } ); @@ -182,6 +183,7 @@ Configuration Example { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @() }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ diff --git a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md index e7a2deec08..c3283880ec 100644 --- a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md +++ b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md @@ -155,7 +155,7 @@ Configuration Example ApplicationEnforcedRestrictionsIsEnabled = $False; BuiltInControls = @("mfa"); ClientAppTypes = @("all"); - CloudAppSecurityIsEnabled = $True; # Updated Porperty + CloudAppSecurityIsEnabled = $False; Credential = $Credscredential; DeviceFilterMode = "exclude"; DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; @@ -169,7 +169,7 @@ Configuration Example SignInFrequencyInterval = "timeBased"; SignInFrequencyIsEnabled = $True; SignInFrequencyType = "hours"; - SignInFrequencyValue = 1; + SignInFrequencyValue = 2; # Updated Porperty State = "disabled"; } } diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md index 9953d70bc2..b8bd8bb23b 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md @@ -134,7 +134,7 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' Ensure = 'Absent' Credential = $Credscredential } diff --git a/docs/docs/resources/azure-ad/AADGroup.md b/docs/docs/resources/azure-ad/AADGroup.md index 4ee4e6dc5c..2c56cbc78a 100644 --- a/docs/docs/resources/azure-ad/AADGroup.md +++ b/docs/docs/resources/azure-ad/AADGroup.md @@ -85,6 +85,7 @@ Configuration Example $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { @@ -97,6 +98,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } @@ -118,7 +120,7 @@ Configuration Example $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC - + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADGroup 'MyGroups' @@ -130,6 +132,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } diff --git a/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md b/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md index 31ca7a5d40..a01025ad0e 100644 --- a/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md +++ b/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md @@ -184,15 +184,15 @@ Configuration Example { AADRoleEligibilityScheduleRequest "MyRequest" { - Action = "AdminAssign"; + Action = "AdminUpdate"; Credential = $Credscredential; DirectoryScopeId = "/"; Ensure = "Present"; - IsValidationOnly = $True; # Updated Property + IsValidationOnly = $False; Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { - startDateTime = '2023-09-01T02:40:44Z' + startDateTime = '2023-09-01T02:45:44Z' # Updated Property expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration { endDateTime = '2025-10-31T02:40:09Z' diff --git a/docs/docs/resources/azure-ad/AADRoleSetting.md b/docs/docs/resources/azure-ad/AADRoleSetting.md index c666d97328..b79cc63f9e 100644 --- a/docs/docs/resources/azure-ad/AADRoleSetting.md +++ b/docs/docs/resources/azure-ad/AADRoleSetting.md @@ -44,7 +44,7 @@ | **EligibleAssignmentAssigneeNotificationDefaultRecipient** | Write | Boolean | Send notifications when eligible members activate this role: Notification to activated user (requestor), default recipient (True/False) | | | **EligibleAssignmentAssigneeNotificationAdditionalRecipient** | Write | StringArray[] | Send notifications when eligible members activate this role: Notification to activated user (requestor), additional recipient (UPN) | | | **EligibleAssignmentAssigneeNotificationOnlyCritical** | Write | Boolean | Send notifications when eligible members activate this role: Notification to activated user (requestor), only critical Email (True/False) | | -| **Ensure** | Write | String | Specify if the Azure AD role setting should exist or not. | `Present`, `Absent` | +| **Ensure** | Write | String | Specify if the Azure AD role setting should exist or not. | `Present` | | **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -151,68 +151,3 @@ Configuration Example } ``` -### Example 2 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADRoleSetting 28b253d8-cde5-471f-a331-fe7320023cdd - { - ActivateApprover = @(); - ActivationMaxDuration = "PT8H"; - ActivationReqJustification = $False; # Updated Property - ActivationReqMFA = $False; - ActivationReqTicket = $False; - ActiveAlertNotificationAdditionalRecipient = @(); - ActiveAlertNotificationDefaultRecipient = $True; - ActiveAlertNotificationOnlyCritical = $False; - ActiveApproveNotificationAdditionalRecipient = @(); - ActiveApproveNotificationDefaultRecipient = $True; - ActiveApproveNotificationOnlyCritical = $False; - ActiveAssigneeNotificationAdditionalRecipient = @(); - ActiveAssigneeNotificationDefaultRecipient = $True; - ActiveAssigneeNotificationOnlyCritical = $False; - ApprovaltoActivate = $False; - AssignmentReqJustification = $True; - AssignmentReqMFA = $False; - Displayname = "Application Administrator"; - ElegibilityAssignmentReqJustification = $False; - ElegibilityAssignmentReqMFA = $False; - EligibleAlertNotificationAdditionalRecipient = @(); - EligibleAlertNotificationDefaultRecipient = $True; - EligibleAlertNotificationOnlyCritical = $False; - EligibleApproveNotificationAdditionalRecipient = @(); - EligibleApproveNotificationDefaultRecipient = $True; - EligibleApproveNotificationOnlyCritical = $False; - EligibleAssigneeNotificationAdditionalRecipient = @(); - EligibleAssigneeNotificationDefaultRecipient = $True; - EligibleAssigneeNotificationOnlyCritical = $False; - EligibleAssignmentAlertNotificationAdditionalRecipient = @(); - EligibleAssignmentAlertNotificationDefaultRecipient = $True; - EligibleAssignmentAlertNotificationOnlyCritical = $False; - EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); - EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; - EligibleAssignmentAssigneeNotificationOnlyCritical = $False; - ExpireActiveAssignment = "P180D"; - ExpireEligibleAssignment = "P365D"; - PermanentActiveAssignmentisExpirationRequired = $False; - PermanentEligibleAssignmentisExpirationRequired = $False; - Credential = $Credscredential - Ensure = 'Absent' - } - } -} -``` - diff --git a/docs/docs/resources/azure-ad/AADServicePrincipal.md b/docs/docs/resources/azure-ad/AADServicePrincipal.md index 6b31571f6c..4d85019675 100644 --- a/docs/docs/resources/azure-ad/AADServicePrincipal.md +++ b/docs/docs/resources/azure-ad/AADServicePrincipal.md @@ -162,8 +162,8 @@ Configuration Example { AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" + AppId = "AppDisplayName" + DisplayName = "AppDisplayName" Ensure = "Absent" Credential = $Credscredential } diff --git a/docs/docs/resources/azure-ad/AADTenantDetails.md b/docs/docs/resources/azure-ad/AADTenantDetails.md index 7e84e98fd7..cd103a3081 100644 --- a/docs/docs/resources/azure-ad/AADTenantDetails.md +++ b/docs/docs/resources/azure-ad/AADTenantDetails.md @@ -66,12 +66,10 @@ Configuration Example { Node Localhost { - AADTenantDetails 'ÇonfigureTenantDetails' + AADTenantDetails 'ConfigureTenantDetails' { IsSingleInstance = 'Yes' TechnicalNotificationMails = "example@contoso.com" - SecurityComplianceNotificationPhones = "+1123456789" - SecurityComplianceNotificationMails = "example@contoso.com" MarketingNotificationEmails = "example@contoso.com" Credential = $credsCredential } diff --git a/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md b/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md index c9ea49d908..f82fc1924a 100644 --- a/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md +++ b/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md @@ -69,7 +69,7 @@ Configuration Example AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' { DisplayName = "PolicyDisplayName" - Definition = @('{"TokenIssuancePolicy":{"Version": 1,"SigningAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1","TokenResponseSigningPolicy": "TokenOnly","SamlTokenVersion": "2.0"}}') + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); IsOrganizationDefault = $false Ensure = "Present" Credential = $Credscredential @@ -83,6 +83,35 @@ Configuration Example This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADTokenLifetimePolicy 'SetTokenLifetimePolicy' + { + DisplayName = "PolicyDisplayName" + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); + IsOrganizationDefault = $true # Updated + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + ```powershell Configuration Example { diff --git a/docs/docs/resources/azure-ad/AADUser.md b/docs/docs/resources/azure-ad/AADUser.md index 0153626464..7201e06f9b 100644 --- a/docs/docs/resources/azure-ad/AADUser.md +++ b/docs/docs/resources/azure-ad/AADUser.md @@ -161,6 +161,7 @@ Configuration Example AADUser 'ConfigureJohnSMith' { UserPrincipalName = "John.Smith@$Domain" + DisplayName = "John J. Smith" Ensure = "Absent" Credential = $Credscredential } diff --git a/docs/docs/resources/exchange/EXOAntiPhishPolicy.md b/docs/docs/resources/exchange/EXOAntiPhishPolicy.md index c5e08e360f..1c27b27741 100644 --- a/docs/docs/resources/exchange/EXOAntiPhishPolicy.md +++ b/docs/docs/resources/exchange/EXOAntiPhishPolicy.md @@ -26,6 +26,7 @@ | **MakeDefault** | Write | Boolean | Make this the default antiphishing policy | | | **ExcludedDomains** | Write | StringArray[] | The ExcludedDomains parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas. | | | **ExcludedSenders** | Write | StringArray[] | The ExcludedSenders parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas. | | +| **HonorDmarcPolicy** | Write | Boolean | The HonorDmarcPolicy enables or disables using the sender's DMARC policy to determine what to do to messages that fail DMARC checks. | | | **ImpersonationProtectionState** | Write | String | The ImpersonationProtectionState parameter specifies the configuration of impersonation protection. | | | **MailboxIntelligenceProtectionAction** | Write | String | The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox intelligence protection. | | | **MailboxIntelligenceProtectionActionRecipients** | Write | StringArray[] | The MailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage. | |