From 0b4d090773680607a4e5ed6146e40a575a50926f Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 10 Jan 2024 20:35:54 +0000 Subject: [PATCH 01/60] Updated {Create} AAD Integration Tests --- .../M365DSCIntegration.AAD.Create.Tests.ps1 | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index ec021a850f..d4f1eccd47 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -114,17 +114,9 @@ Id = 'Legal Team' TargetType = 'group' } - MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Paralegals' - TargetType = 'group' - } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -132,10 +124,6 @@ State = 'default' } CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -143,10 +131,6 @@ State = 'default' } DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' From 7acd2aef49201ab63e4136622c9e1e6ffb4df90a Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 10 Jan 2024 20:40:09 +0000 Subject: [PATCH 02/60] Updated {Update} AAD Integration Tests --- .../M365DSCIntegration.AAD.Update.Tests.ps1 | 23 +++---------------- 1 file changed, 3 insertions(+), 20 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index dd39063f6d..0d1b899fa6 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -110,20 +110,12 @@ Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Legal Team' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Paralegals' + Id = 'Finance Team' # Updated Property TargetType = 'group' } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -131,10 +123,6 @@ State = 'default' } CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -142,10 +130,6 @@ State = 'default' } DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'all_users' - TargetType = 'group' - } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ Id = 'all_users' TargetType = 'group' @@ -164,7 +148,7 @@ TargetType = 'group' } ); - IsSoftwareOathEnabled = $True; # Updated Property + IsSoftwareOathEnabled = $False; State = "enabled"; } AADAuthenticationMethodPolicyEmail 'AADAuthenticationMethodPolicyEmail-Email' @@ -338,7 +322,7 @@ TargetType = 'group' } ); - State = "disabled"; # Updated Property + State = "enabled"; } AADAuthenticationStrengthPolicy 'AADAuthenticationStrengthPolicy-Example' { @@ -576,7 +560,6 @@ OriginSystem = 'SharePointOnline' ResourceType = 'SharePoint Online Site' Url = "https://$($Domain.Split('.')[0]).sharepoint.com/sites/HumanResources" - Url = "https://$Domain.sharepoint.com/sites/HumanResources" Ensure = 'Present' Credential = $Credscredential } From 184b3a16390976a8fcc70cc92389b5e7ea302a58 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 11 Jan 2024 15:15:26 -0500 Subject: [PATCH 03/60] Fixes AAD Integration Update Tests --- ...thenticationMethodPolicyAuthenticator.psm1 | 38 +++++++++++-------- .../2-Update.ps1 | 2 +- .../AADConditionalAccessPolicy/2-Update.ps1 | 4 +- .../Modules/M365DSCDRGUtil.psm1 | 26 +++++++++++-- 4 files changed, 48 insertions(+), 22 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 index 1af1575dc7..bcc87c21a1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 @@ -507,7 +507,10 @@ function Set-TargetResource $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $UpdateParameters.Remove('Id') | Out-Null + + Write-Verbose -Message "Flag1" # replace group Displayname with group id if ($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -and ` $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and @@ -518,6 +521,8 @@ function Set-TargetResource $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.foreach('id',$groupid) } + + Write-Verbose -Message "Flag2" if ($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -and ` $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('companionAppAllowedState')) @@ -527,6 +532,7 @@ function Set-TargetResource $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.foreach('id',$groupid) } + Write-Verbose -Message "Flag3" if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -and ` $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState')) @@ -536,6 +542,7 @@ function Set-TargetResource $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.foreach('id',$groupid) } + Write-Verbose -Message "Flag4" if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -and ` $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState')) @@ -545,6 +552,7 @@ function Set-TargetResource $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.foreach('id',$groupid) } + Write-Verbose -Message "Flag5" if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -and ` $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState')) @@ -554,6 +562,7 @@ function Set-TargetResource $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.foreach('id',$groupid) } + Write-Verbose -Message "Flag6" if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -and ` $UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState')) @@ -565,33 +574,24 @@ function Set-TargetResource } # DEPRECATED + Write-Verbose -Message "Flag7" if ($UpdateParameters.featureSettings.ContainsKey('NumberMatchingRequiredState')) { Write-Verbose -Message "The NumberMatchingRequiredState feature is deprecated and will be ignored. Please remove it from your configuration." $UpdateParameters.featureSettings.Remove('NumberMatchingRequiredState') } + Write-Verbose -Message "Flag8" $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { + Write-Verbose -Message "Flag9a" $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + Write-Verbose -Message "Flag9b" } - if ($key -eq 'IncludeTargets') - { - $i = 0 - foreach ($entry in $UpdateParameters.$key) - { - if ($entry.id -notmatch '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$|all_users') - { - $Filter = "Displayname eq '$($entry.id)'" | Out-String - $UpdateParameters.$key[$i].foreach('id', (Get-MgGroup -Filter $Filter).id.ToString()) - } - $i++ - } - } - if ($key -eq 'ExcludeTargets') + if ($key -eq 'IncludeTargets' -or $key -eq 'ExcludeTargets') { $i = 0 foreach ($entry in $UpdateParameters.$key) @@ -599,7 +599,15 @@ function Set-TargetResource if ($entry.id -notmatch '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$|all_users') { $Filter = "Displayname eq '$($entry.id)'" | Out-String - $UpdateParameters.$key[$i].foreach('id', (Get-MgGroup -Filter $Filter).id.ToString()) + $group = Get-MgGroup -Filter $Filter + if ($null -ne $group) + { + $UpdateParameters.$key[$i].foreach('id', $group.id.ToString()) + } + else + { + Write-Verbose -Message "Couldn't find group with DisplayName {$($entry.id)}" + } } $i++ } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 index e5249bc9b3..cd3382cfa8 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 @@ -21,7 +21,7 @@ Configuration Example Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Finance Team' # Updated Property + Id = 'Executives' # Updated Property TargetType = 'group' } ); diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 index 59adad1221..6693440a4a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 @@ -20,7 +20,7 @@ Configuration Example ApplicationEnforcedRestrictionsIsEnabled = $False; BuiltInControls = @("mfa"); ClientAppTypes = @("all"); - CloudAppSecurityIsEnabled = $True; # Updated Porperty + CloudAppSecurityIsEnabled = $False; Credential = $Credscredential; DeviceFilterMode = "exclude"; DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; @@ -34,7 +34,7 @@ Configuration Example SignInFrequencyInterval = "timeBased"; SignInFrequencyIsEnabled = $True; SignInFrequencyType = "hours"; - SignInFrequencyValue = 1; + SignInFrequencyValue = 2; # Updated Porperty State = "disabled"; } } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 2a7a150752..2af67080d1 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -54,16 +54,21 @@ function Rename-M365DSCCimInstanceParameter ) $result = $Properties - $type = $Properties.getType().FullName - #region Array if ($type -like '*[[\]]') { $values = @() foreach ($item in $Properties) { - $values += Rename-M365DSCCimInstanceParameter $item -KeyMapping $KeyMapping + try + { + $values += Rename-M365DSCCimInstanceParameter $item -KeyMapping $KeyMapping + } + catch + { + Write-Verbose -Message "Error getting values for item {$item}" + } } $result = $values @@ -81,6 +86,7 @@ function Rename-M365DSCCimInstanceParameter { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) @@ -90,10 +96,22 @@ function Rename-M365DSCCimInstanceParameter } $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property -KeyMapping $KeyMapping)) + try + { + $subValue = Rename-M365DSCCimInstanceParameter $property -KeyMapping $KeyMapping + if ($null -ne $subValue) + { + $hashProperties.add($keyName, $subValue) + } + } + catch + { + Write-Verbose -Message "Error adding $property" + } } } $result = $hashProperties From a622774066fddd1aa2a08e232ee9ad84d3a1af76 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 11 Jan 2024 21:32:47 +0000 Subject: [PATCH 04/60] Fix CIM instances comparison and their export --- CHANGELOG.md | 7 +++ ..._IntuneDeviceConfigurationPolicyMacOS.psm1 | 43 ++++++------------- 2 files changed, 19 insertions(+), 31 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 80c14b376f..09d6adee3c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceConfigurationPolicyMacOS + * Fix CIM instances comparison in Test-TargetResource and export + CompliantAppsList with the correct type + FIXES [#4144](https://github.com/microsoft/Microsoft365DSC/issues/4144) + # 1.24.110.1 * AADAdministrativeUnit diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index ef49efa6c7..7bd2692b59 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -1204,6 +1204,8 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + $ValuesToCheck.Remove('Id') | Out-Null if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { @@ -1212,34 +1214,19 @@ function Test-TargetResource } $testResult = $true + #Compare Cim instances foreach ($key in $PSBoundParameters.Keys) { - if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') { - $CIMArraySource = @() - $CIMArrayTarget = @() - $CIMArraySource += $PSBoundParameters[$key] - $CIMArrayTarget += $CurrentValues.$key - if ($CIMArraySource.count -ne $CIMArrayTarget.count) - { - Write-Verbose -Message "Configuration drift:Number of items does not match: Source=$($CIMArraySource.count) Target=$($CIMArrayTarget.count)" - $testResult = $false - break - } - $i = 0 - foreach ($item in $CIMArraySource ) - { - $testResult = Compare-M365DSCComplexObject ` - -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $CIMArraySource[$i]) ` - -Target ($CIMArrayTarget[$i]) + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) - $i++ - if (-Not $testResult) - { - $testResult = $false - break - } - } if (-Not $testResult) { $testResult = $false @@ -1250,12 +1237,6 @@ function Test-TargetResource } } - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $ValuesToCheck.Remove('Id') | Out-Null - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -1369,7 +1350,7 @@ function Export-TargetResource if ($Results.CompliantAppsList) { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.CompliantAppsList -CIMInstanceName MicrosoftGraphapplistitem + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.CompliantAppsList -CIMInstanceName MicrosoftGraphapplistitemMacOS if ($complexTypeStringResult) { $Results.CompliantAppsList = $complexTypeStringResult From 693230fe8e87f06d66f680c893b861c77ce06651 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 11 Jan 2024 21:33:11 +0000 Subject: [PATCH 05/60] Fix couple of entries in CHANGELOG.md --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09d6adee3c..9b8f39b1f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,11 +16,11 @@ * AADConditionalAccessPolicy * Added support for application filters in the conditions. * Implement Fix #3885. Manage Exclude Application. - FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] + FIXES [#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885) * EXOHostedContentFilterPolicy * Fix issue on parameters AllowedSenders, AllowedSenderDomains, BlockedSenders, BlockSenderDomains if desired state is empty but current state is not empty. - FIXES[#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124) + FIXES [#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124) * EXOMailContact * Added support for Custom Attributes and Extension Custom Attributes. * IntuneDeviceConfigurationPolicyMacOS From 2546c61a3f1ba7f295c3b7477d235659d7b6fa67 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 15 Jan 2024 08:05:31 -0500 Subject: [PATCH 06/60] Updated MSCloudLoginAssistant --- CHANGELOG.md | 6 ++++++ Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 4 ++-- .../Examples/Resources/AADTenantDetails/2-Update.ps1 | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 80c14b376f..dc96768a21 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* DEPENDENCIES + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. + * Updated MSCloudLoginAssistant to version 1.1.5. + # 1.24.110.1 * AADAdministrativeUnit diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 8ee78e7e70..fba4f4ea23 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -78,7 +78,7 @@ }, @{ ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' - RequiredVersion = '2.0.177' + RequiredVersion = '2.0.178' }, @{ ModuleName = 'MicrosoftTeams' @@ -86,7 +86,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.4" + RequiredVersion = "1.1.5" }, @{ ModuleName = 'PnP.PowerShell' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 index 4709f7fc07..c8797d3fe3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 @@ -13,7 +13,7 @@ Configuration Example { Node Localhost { - AADTenantDetails 'ÇonfigureTenantDetails' + AADTenantDetails 'ConfigureTenantDetails' { IsSingleInstance = 'Yes' TechnicalNotificationMails = "example@contoso.com" From 98f6d41791638ab2aa18e43d2ca2baffa21d6fa1 Mon Sep 17 00:00:00 2001 From: mario Date: Mon, 15 Jan 2024 13:34:57 +0000 Subject: [PATCH 07/60] Add support for HonorDmarcPolicy parameter --- CHANGELOG.md | 6 ++++++ .../MSFT_EXOAntiPhishPolicy.psm1 | 13 +++++++++++++ .../MSFT_EXOAntiPhishPolicy.schema.mof | 1 + 3 files changed, 20 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 80c14b376f..6cd28e4639 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* EXOAntiPhishPolicy + * Add support for HonorDmarcPolicy parameter + FIXES [[#4138](https://github.com/microsoft/Microsoft365DSC/issues/4138)] + # 1.24.110.1 * AADAdministrativeUnit diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 index 44c5a697ae..fe9e3514ee 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 @@ -82,6 +82,10 @@ function Get-TargetResource [System.String[]] $ExcludedSenders = @(), + [Parameter()] + [System.Boolean] + $HonorDmarcPolicy, + [Parameter()] [ValidateSet('Automatic', 'Manual', 'Off')] [System.String] @@ -253,6 +257,7 @@ function Get-TargetResource EnableViaTag = $AntiPhishPolicy.EnableViaTag ExcludedDomains = $AntiPhishPolicy.ExcludedDomains ExcludedSenders = $AntiPhishPolicy.ExcludedSenders + HonorDmarcPolicy = $AntiPhishPolicy.HonorDmarcPolicy ImpersonationProtectionState = $AntiPhishPolicy.ImpersonationProtectionState MailboxIntelligenceProtectionAction = $AntiPhishPolicy.MailboxIntelligenceProtectionAction MailboxIntelligenceProtectionActionRecipients = $AntiPhishPolicy.MailboxIntelligenceProtectionActionRecipients @@ -378,6 +383,10 @@ function Set-TargetResource [System.String[]] $ExcludedSenders = @(), + [Parameter()] + [System.Boolean] + $HonorDmarcPolicy, + [Parameter()] [ValidateSet('Automatic', 'Manual', 'Off')] [System.String] @@ -606,6 +615,10 @@ function Test-TargetResource [System.String[]] $ExcludedSenders = @(), + [Parameter()] + [System.Boolean] + $HonorDmarcPolicy, + [Parameter()] [ValidateSet('Automatic', 'Manual', 'Off')] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof index 7beea61e89..b0a1543ee2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof @@ -23,6 +23,7 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource [Write, Description("Make this the default antiphishing policy")] Boolean MakeDefault; [Write, Description("The ExcludedDomains parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas.")] String ExcludedDomains[]; [Write, Description("The ExcludedSenders parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas.")] String ExcludedSenders[]; + [Write, Description("The HonorDmarcPolicy enables or disables using the sender's DMARC policy to determine what to do to messages that fail DMARC checks.")] Boolean HonorDmarcPolicy; [Write, Description("The ImpersonationProtectionState parameter specifies the configuration of impersonation protection.")] String ImpersonationProtectionState; [Write, Description("The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox intelligence protection.")] String MailboxIntelligenceProtectionAction; [Write, Description("The MailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage.")] String MailboxIntelligenceProtectionActionRecipients[]; From d7e461e1b809504e1a5c4f69f6abb785d0bd2f35 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 13:43:01 +0000 Subject: [PATCH 08/60] Updated Resources and Cmdlet documentation pages --- .../azure-ad/AADAuthenticationMethodPolicyAuthenticator.md | 2 +- docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md | 4 ++-- docs/docs/resources/azure-ad/AADTenantDetails.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md index ddebf6dff2..14cbb25b2e 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md @@ -192,7 +192,7 @@ Configuration Example Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Finance Team' # Updated Property + Id = 'Executives' # Updated Property TargetType = 'group' } ); diff --git a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md index e7a2deec08..c3283880ec 100644 --- a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md +++ b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md @@ -155,7 +155,7 @@ Configuration Example ApplicationEnforcedRestrictionsIsEnabled = $False; BuiltInControls = @("mfa"); ClientAppTypes = @("all"); - CloudAppSecurityIsEnabled = $True; # Updated Porperty + CloudAppSecurityIsEnabled = $False; Credential = $Credscredential; DeviceFilterMode = "exclude"; DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; @@ -169,7 +169,7 @@ Configuration Example SignInFrequencyInterval = "timeBased"; SignInFrequencyIsEnabled = $True; SignInFrequencyType = "hours"; - SignInFrequencyValue = 1; + SignInFrequencyValue = 2; # Updated Porperty State = "disabled"; } } diff --git a/docs/docs/resources/azure-ad/AADTenantDetails.md b/docs/docs/resources/azure-ad/AADTenantDetails.md index 7e84e98fd7..a6852e177a 100644 --- a/docs/docs/resources/azure-ad/AADTenantDetails.md +++ b/docs/docs/resources/azure-ad/AADTenantDetails.md @@ -66,7 +66,7 @@ Configuration Example { Node Localhost { - AADTenantDetails 'ÇonfigureTenantDetails' + AADTenantDetails 'ConfigureTenantDetails' { IsSingleInstance = 'Yes' TechnicalNotificationMails = "example@contoso.com" From 40cc2e81e1c2ef356fa46d70dc784319617970ef Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 15 Jan 2024 10:20:01 -0500 Subject: [PATCH 09/60] Update 1-Create.ps1 --- .../Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 index a76ea022c8..17397660a0 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 @@ -11,6 +11,7 @@ Configuration Example $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { @@ -23,6 +24,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From 40bbbda03d4bc91b844f81aff7c8f04a4075df3b Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 15:23:25 +0000 Subject: [PATCH 10/60] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/azure-ad/AADGroup.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/docs/resources/azure-ad/AADGroup.md b/docs/docs/resources/azure-ad/AADGroup.md index 4ee4e6dc5c..3e64364474 100644 --- a/docs/docs/resources/azure-ad/AADGroup.md +++ b/docs/docs/resources/azure-ad/AADGroup.md @@ -85,6 +85,7 @@ Configuration Example $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { @@ -97,6 +98,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From f078a33d1366404e899485ea103ae3a0ee3dcb05 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 15:26:15 +0000 Subject: [PATCH 11/60] Updated {Create} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index d4f1eccd47..1ff9c34346 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -473,6 +473,7 @@ GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From ed25280a02753076d86e027326fc4faf200dc2ee Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 15:29:03 +0000 Subject: [PATCH 12/60] Updated {Update} AAD Integration Tests --- .../M365DSCIntegration.AAD.Update.Tests.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index 0d1b899fa6..e1af1539f7 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -110,7 +110,7 @@ Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'Finance Team' # Updated Property + Id = 'Executives' # Updated Property TargetType = 'group' } ); @@ -355,7 +355,7 @@ ApplicationEnforcedRestrictionsIsEnabled = $False; BuiltInControls = @("mfa"); ClientAppTypes = @("all"); - CloudAppSecurityIsEnabled = $True; # Updated Porperty + CloudAppSecurityIsEnabled = $False; Credential = $Credscredential; DeviceFilterMode = "exclude"; DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; @@ -369,7 +369,7 @@ SignInFrequencyInterval = "timeBased"; SignInFrequencyIsEnabled = $True; SignInFrequencyType = "hours"; - SignInFrequencyValue = 1; + SignInFrequencyValue = 2; # Updated Porperty State = "disabled"; } AADCrossTenantAccessPolicy 'AADCrossTenantAccessPolicy' @@ -735,7 +735,7 @@ Ensure = "Present"; IdentityProviderType = "Google"; } - AADTenantDetails 'ÇonfigureTenantDetails' + AADTenantDetails 'ConfigureTenantDetails' { IsSingleInstance = 'Yes' TechnicalNotificationMails = "example@contoso.com" From c7bf1a0347e4bfbe17f33d12d6d11cfdf4090639 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 15 Jan 2024 10:33:34 -0500 Subject: [PATCH 13/60] Update 2-Update.ps1 --- .../Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 index a2f4d5c942..0a2a11f894 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 @@ -11,7 +11,7 @@ Configuration Example $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC - + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADGroup 'MyGroups' @@ -23,6 +23,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From 526a50bc11ecb260498776f21ec5a15b3f8f6cef Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 15:34:31 +0000 Subject: [PATCH 14/60] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/azure-ad/AADGroup.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/docs/resources/azure-ad/AADGroup.md b/docs/docs/resources/azure-ad/AADGroup.md index 3e64364474..2c56cbc78a 100644 --- a/docs/docs/resources/azure-ad/AADGroup.md +++ b/docs/docs/resources/azure-ad/AADGroup.md @@ -120,7 +120,7 @@ Configuration Example $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC - + $Domain = $Credscredential.Username.Split('@')[1] node localhost { AADGroup 'MyGroups' @@ -132,6 +132,7 @@ Configuration Example GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From cf4b7cc197243e751f22fc0fae6cdc644cb21bbe Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 15:39:39 +0000 Subject: [PATCH 15/60] Updated {Update} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index e1af1539f7..6556ab00ab 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -596,6 +596,7 @@ GroupTypes = @("Unified") MailNickname = "M365DSC" Visibility = "Private" + Owners = @("AdeleV@$Domain") Ensure = "Present" Credential = $Credscredential } From 6ca9d35f5b6e95b3c5170fc7d4a82fd5bf14f696 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 15 Jan 2024 11:04:40 -0500 Subject: [PATCH 16/60] Update Global - Integration - AAD.yml --- .github/workflows/Global - Integration - AAD.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Global - Integration - AAD.yml b/.github/workflows/Global - Integration - AAD.yml index 7f681f74d9..8e0a305824 100644 --- a/.github/workflows/Global - Integration - AAD.yml +++ b/.github/workflows/Global - Integration - AAD.yml @@ -103,7 +103,7 @@ jobs: $SHA = git rev-parse HEAD echo "commitid=$SHA" >> $env:GITHUB_OUTPUT - name: Run {Update} Integration Tests - shell: powershell + shell: pwsh env: INTEGRATION_USERNAME: ${{ secrets.INTEGRATION_USERNAME }} INTEGRATION_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }} From 4d762fb1203f2a1af4005022e660486e4d59d537 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 15 Jan 2024 11:11:50 -0500 Subject: [PATCH 17/60] Update Global - Integration - AAD.yml --- .github/workflows/Global - Integration - AAD.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Global - Integration - AAD.yml b/.github/workflows/Global - Integration - AAD.yml index 8e0a305824..7f681f74d9 100644 --- a/.github/workflows/Global - Integration - AAD.yml +++ b/.github/workflows/Global - Integration - AAD.yml @@ -103,7 +103,7 @@ jobs: $SHA = git rev-parse HEAD echo "commitid=$SHA" >> $env:GITHUB_OUTPUT - name: Run {Update} Integration Tests - shell: pwsh + shell: powershell env: INTEGRATION_USERNAME: ${{ secrets.INTEGRATION_USERNAME }} INTEGRATION_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }} From 6fd03735fdfacaf89273e51944764e09a43e18c9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 15 Jan 2024 12:00:01 -0500 Subject: [PATCH 18/60] Update 2-Update.ps1 --- .../Examples/Resources/AADTenantDetails/2-Update.ps1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 index c8797d3fe3..09a729a235 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 @@ -17,8 +17,6 @@ Configuration Example { { IsSingleInstance = 'Yes' TechnicalNotificationMails = "example@contoso.com" - SecurityComplianceNotificationPhones = "+1123456789" - SecurityComplianceNotificationMails = "example@contoso.com" MarketingNotificationEmails = "example@contoso.com" Credential = $credsCredential } From 299a3be9b16963ad0be6ecd5220577d74158866c Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 17:00:46 +0000 Subject: [PATCH 19/60] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/azure-ad/AADTenantDetails.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADTenantDetails.md b/docs/docs/resources/azure-ad/AADTenantDetails.md index a6852e177a..cd103a3081 100644 --- a/docs/docs/resources/azure-ad/AADTenantDetails.md +++ b/docs/docs/resources/azure-ad/AADTenantDetails.md @@ -70,8 +70,6 @@ Configuration Example { { IsSingleInstance = 'Yes' TechnicalNotificationMails = "example@contoso.com" - SecurityComplianceNotificationPhones = "+1123456789" - SecurityComplianceNotificationMails = "example@contoso.com" MarketingNotificationEmails = "example@contoso.com" Credential = $credsCredential } From ce45497e8acce8d1b8111b3090baa8376330bdb0 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 17:06:11 +0000 Subject: [PATCH 20/60] Updated {Update} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index 6556ab00ab..c17448c994 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -740,8 +740,6 @@ { IsSingleInstance = 'Yes' TechnicalNotificationMails = "example@contoso.com" - SecurityComplianceNotificationPhones = "+1123456789" - SecurityComplianceNotificationMails = "example@contoso.com" MarketingNotificationEmails = "example@contoso.com" Credential = $credsCredential } From 6ecd515ab837dcb0e82aff8041a4a88a8fde07fe Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 15 Jan 2024 12:39:13 -0500 Subject: [PATCH 21/60] Fixes --- .../MSFT_AADTenantDetails.psm1 | 2 ++ .../AADTokenLifetimePolicy/1-Create.ps1 | 26 +++++++++++++++++++ .../AADTokenLifetimePolicy/2-Update.ps1 | 6 ++--- 3 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 index bdd1653227..7431729c3c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADTenantDetails/MSFT_AADTenantDetails.psm1 @@ -206,6 +206,8 @@ function Set-TargetResource $currentParameters.Add('OrganizationId', $(Get-MgBetaOrganization).Id) try { + Write-Verbose -Message "Calling Update-MGBetaOrganization with parameters:" + Write-Verbose -Message "$(Convert-M365DscHashtableToString -Hashtable $currentParameters)" Update-MgBetaOrganization @currentParameters } catch diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/1-Create.ps1 new file mode 100644 index 0000000000..886fe687b7 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/1-Create.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + { + DisplayName = "PolicyDisplayName" + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); + IsOrganizationDefault = $false + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/2-Update.ps1 index f2368d068c..729710ea27 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/2-Update.ps1 @@ -14,11 +14,11 @@ Configuration Example node localhost { - AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + AADTokenLifetimePolicy 'SetTokenLifetimePolicy' { DisplayName = "PolicyDisplayName" - Definition = @('{"TokenIssuancePolicy":{"Version": 1,"SigningAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1","TokenResponseSigningPolicy": "TokenOnly","SamlTokenVersion": "2.0"}}') - IsOrganizationDefault = $false + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); + IsOrganizationDefault = $true # Updated Ensure = "Present" Credential = $Credscredential } From 4dbd44df86176becb1aa85d06845e69144068bde Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 17:40:33 +0000 Subject: [PATCH 22/60] Updated Resources and Cmdlet documentation pages --- .../azure-ad/AADTokenLifetimePolicy.md | 31 ++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md b/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md index c9ea49d908..f82fc1924a 100644 --- a/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md +++ b/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md @@ -69,7 +69,7 @@ Configuration Example AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' { DisplayName = "PolicyDisplayName" - Definition = @('{"TokenIssuancePolicy":{"Version": 1,"SigningAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1","TokenResponseSigningPolicy": "TokenOnly","SamlTokenVersion": "2.0"}}') + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); IsOrganizationDefault = $false Ensure = "Present" Credential = $Credscredential @@ -83,6 +83,35 @@ Configuration Example This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADTokenLifetimePolicy 'SetTokenLifetimePolicy' + { + DisplayName = "PolicyDisplayName" + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); + IsOrganizationDefault = $true # Updated + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + ```powershell Configuration Example { From fcbf946898c8e960de6fd5d419d75988b3b7d8de Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 17:42:22 +0000 Subject: [PATCH 23/60] Updated {Create} AAD Integration Tests --- .../M365DSCIntegration.AAD.Create.Tests.ps1 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index 1ff9c34346..6281f0bd2e 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -539,6 +539,14 @@ Ensure = "Present"; IdentityProviderType = "Google"; } + AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + { + DisplayName = "PolicyDisplayName" + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); + IsOrganizationDefault = $false + Ensure = "Present" + Credential = $Credscredential + } AADUser 'ConfigureJohnSMith' { UserPrincipalName = "John.Smith@$Domain" From 9a8c233a543bd4c605dddd98cdb8c0a25f167b15 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 17:45:46 +0000 Subject: [PATCH 24/60] Updated {Update} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index c17448c994..3c6b8fa7b6 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -743,11 +743,11 @@ MarketingNotificationEmails = "example@contoso.com" Credential = $credsCredential } - AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + AADTokenLifetimePolicy 'SetTokenLifetimePolicy' { DisplayName = "PolicyDisplayName" - Definition = @('{"TokenIssuancePolicy":{"Version": 1,"SigningAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1","TokenResponseSigningPolicy": "TokenOnly","SamlTokenVersion": "2.0"}}') - IsOrganizationDefault = $false + Definition = @("{`"TokenLifetimePolicy`":{`"Version`":1,`"AccessTokenLifetime`":`"02:00:00`"}}"); + IsOrganizationDefault = $true # Updated Ensure = "Present" Credential = $Credscredential } From c97bdaddc43553973f0a2d5237145e94e466e279 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 15 Jan 2024 14:06:23 -0500 Subject: [PATCH 25/60] Fixes Integration --- .../MSFT_AADAuthenticationMethodPolicy.psm1 | 18 +++---- ...T_AADAuthenticationMethodPolicy.schema.mof | 2 +- ...SFT_AADRoleEligibilityScheduleRequest.psm1 | 51 ++++++++++++++++++- .../1-Create.ps1 | 42 --------------- .../2-Update.ps1 | 3 +- .../3-Remove.ps1 | 27 ---------- 6 files changed, 58 insertions(+), 85 deletions(-) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/3-Remove.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 index 5f2a544a0d..bc133df731 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 @@ -41,7 +41,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] @@ -91,7 +91,10 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgBetaPolicyAuthenticationMethodPolicy -ErrorAction SilentlyContinue + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaPolicyAuthenticationMethodPolicy -ErrorAction SilentlyContinue + } if ($null -eq $getValue) { @@ -290,7 +293,7 @@ function Set-TargetResource #endregion [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] @@ -361,13 +364,6 @@ function Set-TargetResource Update-MgBetaPolicyAuthenticationMethodPolicy -BodyParameter $UpdateParameters #endregion } - elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') - { - Write-Verbose -Message "Removing the Azure AD Authentication Method Policy with Id {$($currentInstance.Id)}" - #region resource generator code - Remove-MgBetaPolicyAuthenticationMethodPolicy - #endregion - } } function Test-TargetResource @@ -412,7 +408,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof index 3032878341..f7f304d3bb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof @@ -55,7 +55,7 @@ class MSFT_AADAuthenticationMethodPolicy : OMI_BaseResource [Write, Description("Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods."), EmbeddedInstance("MSFT_MicrosoftGraphregistrationEnforcement")] String RegistrationEnforcement; [Write, Description("Prompt users with their most-preferred credential for multifactor authentication."), EmbeddedInstance("MSFT_MicrosoftGraphsystemCredentialPreferences")] String SystemCredentialPreferences; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; - [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 index f1e371a6d5..7d8c09f1c3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 @@ -187,6 +187,44 @@ } else { + $ObjectGuid = [System.Guid]::empty + if ($PrincipalType -eq 'User') + { + Write-Verbose -Message "Retrieving principal {$Principal} of type {$PrincipalType}" + + if ([System.Guid]::TryParse($Principal,[System.Management.Automation.PSReference]$ObjectGuid)) + { + $PrincipalIdValue = Get-MgUser -UserId $Principal -ErrorAction SilentlyContinue + } + else + { + $PrincipalIdValue = Get-MgUser -Filter "UserPrincipalName eq '$Principal'" -ErrorAction SilentlyContinue + } + $PrincipalTypeValue = 'User' + } + + if ($null -eq $PrincipalIdValue -or $PrincipalType -eq 'Group') + { + Write-Verbose -Message "Retrieving principal {$Principal} of type {$PrincipalType}" + if ([System.Guid]::TryParse($Principal,[System.Management.Automation.PSReference]$ObjectGuid)) + { + $PrincipalIdValue = Get-MgGroup -GroupId $Principal -ErrorAction SilentlyContinue + } + else + { + $PrincipalIdValue = Get-MgGroup -Filter "DisplayName eq '$Principal'" -ErrorAction SilentlyContinue + } + $PrincipalTypeValue = 'Group' + } + + if ($null -ne $PrincipalIdValue) + { + $PrincipalId = $PrincipalIdValue.Id + } + else + { + return $nullResult + } $RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id $schedule = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq '$($request.PrincipalId)' and RoleDefinitionId eq '$RoleDefinitionId'" } @@ -797,8 +835,17 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - $Results.ScheduleInfo = Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString -ScheduleInfo $Results.ScheduleInfo - + try + { + if ($null -ne $results.ScheduleInfo) + { + $Results.ScheduleInfo = Get-M365DSCAzureADEligibilityRequestScheduleInfoAsString -ScheduleInfo $Results.ScheduleInfo + } + } + catch + { + Write-Verbose -Message "Error converting Schedule: $_" + } if ($Results.TicketInfo) { $Results.TicketInfo = Get-M365DSCAzureADEligibilityRequestTicketInfoAsString -TicketInfo $Results.TicketInfo diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 deleted file mode 100644 index fccaab7aff..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 +++ /dev/null @@ -1,42 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" - { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; - DisplayName = "Authentication Methods Policy"; - Ensure = "Present"; - Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "migrationInProgress"; - PolicyVersion = "1.5"; - RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ - AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 - IncludeTargets = @( - MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ - TargetedAuthenticationMethod = 'microsoftAuthenticator' - TargetType = 'group' - Id = 'all_users' - } - ) - State = 'default' - } - }; - Credential = $credsCredential; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 index 906e101085..3ad69bbb1d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 @@ -17,7 +17,6 @@ Configuration Example { AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" { - Description = "Updated"; # Updated Property DisplayName = "Authentication Methods Policy"; Ensure = "Present"; Id = "authenticationMethodsPolicy"; @@ -25,7 +24,7 @@ Configuration Example PolicyVersion = "1.5"; RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 + SnoozeDurationInDays = (Get-Random -Minimum 1 -Maximum 14) IncludeTargets = @( MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ TargetedAuthenticationMethod = 'microsoftAuthenticator' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/3-Remove.ps1 deleted file mode 100644 index 4d2777f8cd..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/3-Remove.ps1 +++ /dev/null @@ -1,27 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" - { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; - DisplayName = "Authentication Methods Policy"; - Ensure = "Absent"; - Id = "authenticationMethodsPolicy"; - Credential = $credsCredential; - } - } -} From 523b361277cea7d0da714e9d3237d8da0fd4bd7c Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 19:07:43 +0000 Subject: [PATCH 26/60] Updated Resources and Cmdlet documentation pages --- .../azure-ad/AADAuthenticationMethodPolicy.md | 80 +------------------ 1 file changed, 2 insertions(+), 78 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md index fe416dd6e3..ec03f95a07 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md @@ -12,7 +12,7 @@ | **RegistrationEnforcement** | Write | MSFT_MicrosoftGraphregistrationEnforcement | Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods. | | | **SystemCredentialPreferences** | Write | MSFT_MicrosoftGraphsystemCredentialPreferences | Prompt users with their most-preferred credential for multifactor authentication. | | | **Id** | Write | String | The unique identifier for an entity. Read-only. | | -| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present` | | **Credential** | Write | PSCredential | Credentials of the Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -139,7 +139,6 @@ Configuration Example { AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; DisplayName = "Authentication Methods Policy"; Ensure = "Present"; Id = "authenticationMethodsPolicy"; @@ -147,7 +146,7 @@ Configuration Example PolicyVersion = "1.5"; RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 + SnoozeDurationInDays = (Get-Random -Minimum 1 -Maximum 14) IncludeTargets = @( MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ TargetedAuthenticationMethod = 'microsoftAuthenticator' @@ -164,78 +163,3 @@ Configuration Example } ``` -### Example 2 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" - { - Description = "Updated"; # Updated Property - DisplayName = "Authentication Methods Policy"; - Ensure = "Present"; - Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "migrationInProgress"; - PolicyVersion = "1.5"; - RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ - AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 - IncludeTargets = @( - MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ - TargetedAuthenticationMethod = 'microsoftAuthenticator' - TargetType = 'group' - Id = 'all_users' - } - ) - State = 'default' - } - }; - Credential = $credsCredential; - } - } -} -``` - -### Example 3 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" - { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; - DisplayName = "Authentication Methods Policy"; - Ensure = "Absent"; - Id = "authenticationMethodsPolicy"; - Credential = $credsCredential; - } - } -} -``` - From 00bdc5133e3c644b8e820c37dd53b683ee04093d Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 19:09:51 +0000 Subject: [PATCH 27/60] Updated {Create} AAD Integration Tests --- .../M365DSCIntegration.AAD.Create.Tests.ps1 | 23 ------------------- 1 file changed, 23 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index 6281f0bd2e..d8d32b01f8 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -82,29 +82,6 @@ Id = "c3"; IsAvailable = $True; } - AADAuthenticationMethodPolicy 'AADAuthenticationMethodPolicy-Authentication Methods Policy' - { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; - DisplayName = "Authentication Methods Policy"; - Ensure = "Present"; - Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "migrationInProgress"; - PolicyVersion = "1.5"; - RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ - AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 - IncludeTargets = @( - MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ - TargetedAuthenticationMethod = 'microsoftAuthenticator' - TargetType = 'group' - Id = 'all_users' - } - ) - State = 'default' - } - }; - Credential = $credsCredential; - } AADAuthenticationMethodPolicyAuthenticator 'AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator' { Credential = $Credscredential; From 4530decc4694dbc5268c7b72dd63d366dc5b64f7 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 19:13:41 +0000 Subject: [PATCH 28/60] Updated {Update} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index 3c6b8fa7b6..84577df065 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -83,7 +83,6 @@ } AADAuthenticationMethodPolicy 'AADAuthenticationMethodPolicy-Authentication Methods Policy' { - Description = "Updated"; # Updated Property DisplayName = "Authentication Methods Policy"; Ensure = "Present"; Id = "authenticationMethodsPolicy"; @@ -91,7 +90,7 @@ PolicyVersion = "1.5"; RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ - SnoozeDurationInDays = 1 + SnoozeDurationInDays = (Get-Random -Minimum 1 -Maximum 14) IncludeTargets = @( MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ TargetedAuthenticationMethod = 'microsoftAuthenticator' From d95cd01ca9e748da164e1b30e7d2914672cb6c59 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 15 Jan 2024 14:50:01 -0500 Subject: [PATCH 29/60] Fixes --- .../Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 index 9131d0a4e7..c2c744458b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 @@ -19,7 +19,7 @@ Configuration Example { AADRoleEligibilityScheduleRequest "MyRequest" { - Action = "AdminAssign"; + Action = "AdminUpdate"; Credential = $Credscredential; DirectoryScopeId = "/"; Ensure = "Present"; @@ -27,7 +27,7 @@ Configuration Example Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { - startDateTime = '2023-09-01T02:40:44Z' + startDateTime = '2023-09-01T02:45:44Z' expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration { endDateTime = '2025-10-31T02:40:09Z' From e3e8271d44c31da8aef3c8ce48aba89f88cd2e55 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 19:51:24 +0000 Subject: [PATCH 30/60] Updated Resources and Cmdlet documentation pages --- .../resources/azure-ad/AADRoleEligibilityScheduleRequest.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md b/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md index 31ca7a5d40..a8d59fab06 100644 --- a/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md +++ b/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md @@ -184,7 +184,7 @@ Configuration Example { AADRoleEligibilityScheduleRequest "MyRequest" { - Action = "AdminAssign"; + Action = "AdminUpdate"; Credential = $Credscredential; DirectoryScopeId = "/"; Ensure = "Present"; @@ -192,7 +192,7 @@ Configuration Example Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { - startDateTime = '2023-09-01T02:40:44Z' + startDateTime = '2023-09-01T02:45:44Z' expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration { endDateTime = '2025-10-31T02:40:09Z' From 7e34859007ece343e2f74d9dbdd0284f6ddd1d4d Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 20:15:43 +0000 Subject: [PATCH 31/60] Updated {Update} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index 84577df065..ae740ef503 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -651,7 +651,7 @@ } AADRoleEligibilityScheduleRequest 'MyRequest' { - Action = "AdminAssign"; + Action = "AdminUpdate"; Credential = $Credscredential; DirectoryScopeId = "/"; Ensure = "Present"; @@ -659,7 +659,7 @@ Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { - startDateTime = '2023-09-01T02:40:44Z' + startDateTime = '2023-09-01T02:45:44Z' expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration { endDateTime = '2025-10-31T02:40:09Z' From 3cdb893606758e0dc51d6eea5d8818f520e9cf66 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 15 Jan 2024 15:34:32 -0500 Subject: [PATCH 32/60] Update MSFT_AADRoleEligibilityScheduleRequest.psm1 --- .../MSFT_AADRoleEligibilityScheduleRequest.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 index 7d8c09f1c3..f7becb8603 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 @@ -684,7 +684,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - + $ValuesToCheck.Remove("Action") | Out-Null if($null -ne $CurrentValues.ScheduleInfo -and $null -ne $ValuesToCheck.ScheduleInfo) { # Compare ScheduleInfo.Expiration From 7cff2ca5fc068b39722424b094b787b11e576bcf Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 15 Jan 2024 15:55:27 -0500 Subject: [PATCH 33/60] Update 2-Update.ps1 --- .../Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 index c2c744458b..fbfb5574ca 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 @@ -23,11 +23,11 @@ Configuration Example Credential = $Credscredential; DirectoryScopeId = "/"; Ensure = "Present"; - IsValidationOnly = $True; # Updated Property + IsValidationOnly = $False; Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { - startDateTime = '2023-09-01T02:45:44Z' + startDateTime = '2023-09-01T02:45:44Z' # Updated Property expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration { endDateTime = '2025-10-31T02:40:09Z' From 9a2dc3bda3ac3fdf8d1496346896da1b2db9aaaa Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 20:56:12 +0000 Subject: [PATCH 34/60] Updated Resources and Cmdlet documentation pages --- .../resources/azure-ad/AADRoleEligibilityScheduleRequest.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md b/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md index a8d59fab06..a01025ad0e 100644 --- a/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md +++ b/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md @@ -188,11 +188,11 @@ Configuration Example Credential = $Credscredential; DirectoryScopeId = "/"; Ensure = "Present"; - IsValidationOnly = $True; # Updated Property + IsValidationOnly = $False; Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { - startDateTime = '2023-09-01T02:45:44Z' + startDateTime = '2023-09-01T02:45:44Z' # Updated Property expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration { endDateTime = '2025-10-31T02:40:09Z' From 724630eb0ea88e00732c44f4e522530d4b1c0983 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 21:02:15 +0000 Subject: [PATCH 35/60] Updated {Update} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index ae740ef503..09273edda6 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -655,11 +655,11 @@ Credential = $Credscredential; DirectoryScopeId = "/"; Ensure = "Present"; - IsValidationOnly = $True; # Updated Property + IsValidationOnly = $False; Principal = "AdeleV@$Domain"; RoleDefinition = "Teams Communications Administrator"; ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { - startDateTime = '2023-09-01T02:45:44Z' + startDateTime = '2023-09-01T02:45:44Z' # Updated Property expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration { endDateTime = '2025-10-31T02:40:09Z' From 4ba5590a6feb830be8a5bcd9261cd7d789e01393 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 15 Jan 2024 21:05:40 +0000 Subject: [PATCH 36/60] Updated {Update} AAD Integration Tests --- .../M365DSCIntegration.AAD.Remove.Tests.ps1 | 332 ++++++++++++++++++ 1 file changed, 332 insertions(+) create mode 100644 Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 new file mode 100644 index 0000000000..3c73a9d2ed --- /dev/null +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 @@ -0,0 +1,332 @@ + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential + ) + + Configuration Master + { + param + ( + [Parameter(Mandatory = $true)] + [System.Management.Automation.PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] + Node Localhost + { + AADAdministrativeUnit 'TestUnit' + { + DisplayName = 'Test-Unit' + Ensure = 'Absent' + Credential = $Credscredential + } + AADApplication 'AADApp1' + { + DisplayName = "AppDisplayName" + Ensure = "Absent" + Credential = $Credscredential + } + AADAttributeSet 'AADAttributeSetTest' + { + Credential = $credsCredential; + Description = "Attribute set with 420 attributes"; + Ensure = "Absent"; + Id = "TestAttributeSet"; + MaxAttributesPerSet = 300; # Updated Property + } + AADAuthenticationContextClassReference 'AADAuthenticationContextClassReference-Test' + { + Credential = $credsCredential; + Description = "Context test Updated"; # Updated Property + DisplayName = "My Context"; + Ensure = "Absent"; + Id = "c3"; + IsAvailable = $True; + } + AADAuthenticationMethodPolicyAuthenticator 'AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator' + { + Ensure = "Absent"; + Id = "MicrosoftAuthenticator"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'fakegroup6' + TargetType = 'group' + } + ); + IsSoftwareOathEnabled = $True; # Updated Property + State = "enabled"; + Credential = $credsCredential; + } + AADAuthenticationMethodPolicyEmail 'AADAuthenticationMethodPolicyEmail-Email' + { + Ensure = "Absent"; + Id = "Email"; + State = "disabled"; # Updated Property + Credential = $credsCredential; + } + AADAuthenticationMethodPolicyFido2 'AADAuthenticationMethodPolicyFido2-Fido2' + { + Ensure = "Absent"; + Id = "Fido2"; + Credential = $credsCredential; + } + AADAuthenticationMethodPolicySms 'AADAuthenticationMethodPolicySms-Sms' + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "Sms"; + } + AADAuthenticationMethodPolicySoftware 'AADAuthenticationMethodPolicySoftware-SoftwareOath' + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "SoftwareOath"; + } + AADAuthenticationMethodPolicyTemporary 'AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass' + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "TemporaryAccessPass"; + } + AADAuthenticationMethodPolicyVoice 'AADAuthenticationMethodPolicyVoice-Voice' + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "Voice"; + } + AADAuthenticationMethodPolicyX509 'AADAuthenticationMethodPolicyX509-X509Certificate' + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "X509Certificate"; + } + AADAuthenticationStrengthPolicy 'AADAuthenticationStrengthPolicy-Example' + { + DisplayName = "Example"; + Ensure = "Absent"; + Credential = $Credscredential; + } + AADConditionalAccessPolicy 'Allin-example' + { + DisplayName = 'Allin-example' + Ensure = 'Absent' + Credential = $Credscredential + } + AADCrossTenantAccessPolicy 'AADCrossTenantAccessPolicy' + { + AllowedCloudEndpoints = @("microsoftonline.us"); + Credential = $Credscredential; + DisplayName = "MyXTAPPolicy"; + Ensure = "Absent"; + IsSingleInstance = "Yes"; + } + AADCrossTenantAccessPolicyConfigurationDefault 'AADCrossTenantAccessPolicyConfigurationDefault' + { + Credential = $Credscredential; + Ensure = "Absent"; + IsSingleInstance = "Yes"; + } + AADCrossTenantAccessPolicyConfigurationPartner 'AADCrossTenantAccessPolicyConfigurationPartner' + { + Credential = $Credscredential; + Ensure = "Absent"; + PartnerTenantId = "12345-12345-12345-12345-12345"; + } + AADEntitlementManagementAccessPackage 'myAccessPackage' + { + DisplayName = 'General' + Ensure = 'Absent' + Credential = $Credscredential + } + AADEntitlementManagementAccessPackageAssignmentPolicy 'myAssignmentPolicyWithAccessReviewsSettings' + { + DisplayName = "External tenant"; + Ensure = "Absent" + Credential = $Credscredential + } + AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' + { + DisplayName = 'General' + Ensure = 'Absent' + Credential = $Credscredential + } + AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' + { + DisplayName = 'Communication site' + Ensure = 'Absent' + Credential = $Credscredential + } + AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' + { + DisplayName = "Test Tenant - DSC"; + Ensure = "Absent" + Credential = $Credscredential + } + AADGroup 'MyGroups' + { + MailNickname = "M365DSC" + SecurityEnabled = $True + MailEnabled = $True + DisplayName = "DSCGroup" + Ensure = "Absent" + Credential = $Credscredential + } + AADGroupLifecyclePolicy 'GroupLifecyclePolicy' + { + IsSingleInstance = "Yes" + AlternateNotificationEmails = @("john.smith@contoso.com") + GroupLifetimeInDays = 99 + ManagedGroupTypes = "Selected" + Ensure = "Absent" + Credential = $Credscredential + } + AADGroupsNamingPolicy 'GroupsNamingPolicy' + { + IsSingleInstance = "Yes" + Ensure = "Absent" + Credential = $Credscredential + } + AADGroupsSettings 'GeneralGroupsSettings' + { + IsSingleInstance = "Yes" + Ensure = "Absent" + Credential = $Credscredential + } + AADNamedLocationPolicy 'CompanyNetwork' + { + DisplayName = "Company Network" + Ensure = "Absent" + Credential = $Credscredential + } + AADRoleDefinition 'AADRoleDefinition1' + { + IsEnabled = $true + RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read" + DisplayName = "DSCRole1" + Ensure = "Absent" + Credential = $Credscredential + } + AADRoleEligibilityScheduleRequest 'MyRequest' + { + Action = "AdminAssign"; + Credential = $Credscredential; + DirectoryScopeId = "/"; + Ensure = "Absent"; + IsValidationOnly = $True; # Updated Property + Principal = "John.Smith@$OrganizationName"; + RoleDefinition = "Teams Communications Administrator"; + ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { + startDateTime = '2023-09-01T02:40:44Z' + expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration + { + endDateTime = '2025-10-31T02:40:09Z' + type = 'afterDateTime' + } + }; + } + AADRoleSetting '28b253d8-cde5-471f-a331-fe7320023cdd' + { + ActivateApprover = @(); + ActivationMaxDuration = "PT8H"; + ActivationReqJustification = $False; # Updated Property + ActivationReqMFA = $False; + ActivationReqTicket = $False; + ActiveAlertNotificationAdditionalRecipient = @(); + ActiveAlertNotificationDefaultRecipient = $True; + ActiveAlertNotificationOnlyCritical = $False; + ActiveApproveNotificationAdditionalRecipient = @(); + ActiveApproveNotificationDefaultRecipient = $True; + ActiveApproveNotificationOnlyCritical = $False; + ActiveAssigneeNotificationAdditionalRecipient = @(); + ActiveAssigneeNotificationDefaultRecipient = $True; + ActiveAssigneeNotificationOnlyCritical = $False; + ApprovaltoActivate = $False; + AssignmentReqJustification = $True; + AssignmentReqMFA = $False; + Displayname = "Application Administrator"; + ElegibilityAssignmentReqJustification = $False; + ElegibilityAssignmentReqMFA = $False; + EligibleAlertNotificationAdditionalRecipient = @(); + EligibleAlertNotificationDefaultRecipient = $True; + EligibleAlertNotificationOnlyCritical = $False; + EligibleApproveNotificationAdditionalRecipient = @(); + EligibleApproveNotificationDefaultRecipient = $True; + EligibleApproveNotificationOnlyCritical = $False; + EligibleAssigneeNotificationAdditionalRecipient = @(); + EligibleAssigneeNotificationDefaultRecipient = $True; + EligibleAssigneeNotificationOnlyCritical = $False; + EligibleAssignmentAlertNotificationAdditionalRecipient = @(); + EligibleAssignmentAlertNotificationDefaultRecipient = $True; + EligibleAssignmentAlertNotificationOnlyCritical = $False; + EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); + EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; + EligibleAssignmentAssigneeNotificationOnlyCritical = $False; + ExpireActiveAssignment = "P180D"; + ExpireEligibleAssignment = "P365D"; + PermanentActiveAssignmentisExpirationRequired = $False; + PermanentEligibleAssignmentisExpirationRequired = $False; + Credential = $Credscredential + Ensure = 'Absent' + } + AADSecurityDefaults 'Defaults' + { + Credential = $Credscredential; + Description = "Security defaults is a set of basic identity security mechanisms recommended by Microsoft. When enabled, these recommendations will be automatically enforced in your organization. Administrators and users will be better protected from common identity related attacks."; + DisplayName = "Security Defaults"; + IsEnabled = $True; + IsSingleInstance = "Yes"; + } + AADServicePrincipal 'AADServicePrincipal' + { + AppId = "" + DisplayName = "AADAppName" + Ensure = "Absent" + Credential = $Credscredential + } + AADSocialIdentityProvider 'AADSocialIdentityProvider-Google' + { + ClientId = "Google-OAUTH"; + ClientSecret = "FakeSecret-Updated"; # Updated Property + Credential = $credsCredential; + DisplayName = "My Google Provider"; + Ensure = "Absent"; + IdentityProviderType = "Google"; + } + AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + { + DisplayName = "PolicyDisplayName" + Ensure = "Absent" + Credential = $Credscredential + } + AADUser 'ConfigureJohnSMith' + { + UserPrincipalName = "John.Smith@$Domain" + Ensure = "Absent" + Credential = $Credscredential + } + } + } + + $ConfigurationData = @{ + AllNodes = @( + @{ + NodeName = "Localhost" + PSDSCAllowPlaintextPassword = $true + } + ) + } + + # Compile and deploy configuration + try + { + Master -ConfigurationData $ConfigurationData -Credscredential $Credential + Start-DscConfiguration Master -Wait -Force -Verbose -ErrorAction Stop + } + catch + { + throw $_ + } From 3034443f4a65607771918603f5ac118fea94f4a6 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 16 Jan 2024 07:47:02 -0500 Subject: [PATCH 37/60] Integration Tests Fixes --- CHANGELOG.md | 6 ++++ .../MSFT_AADAdministrativeUnit.psm1 | 20 ++++++++----- .../MSFT_AADApplication.psm1 | 2 +- .../MSFT_AADAttributeSet.psm1 | 11 ++------ .../MSFT_AADAttributeSet.schema.mof | 2 +- .../MSFT_AADServicePrincipal.psm1 | 7 +++-- .../Resources/AADAttributeSet/3-Remove.ps1 | 28 ------------------- .../2-Update.ps1 | 2 +- .../3-Remove.ps1 | 2 +- .../AADServicePrincipal/3-Remove.ps1 | 4 +-- .../Examples/Resources/AADUser/3-Remove.ps1 | 1 + 11 files changed, 34 insertions(+), 51 deletions(-) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/3-Remove.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index dc96768a21..636624333e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ # UNRELEASED +* AADAdministrativeUnit + * Used generic Graph API URL from MSCloudLoginConnectionProfile. +* AADApplication + * Ignore Permissions in tests if not passed. Preventing null comparison errors. +* AADAttributeSet + * Removed the ability to specify a value of Absent for the Ensure property. * DEPENDENCIES * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. * Updated MSCloudLoginAssistant to version 1.1.5. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 09092a8b7b..910ed8d5f9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -195,7 +195,8 @@ function Get-TargetResource foreach ($auMember in $auMembers) { $member = @{} - $memberObject = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/directoryobjects/$($auMember.Id)" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)" + $memberObject = Invoke-MgGraphRequest -Uri $url if ($memberObject.'@odata.type' -match 'user') { $member.Add('Identity', $memberObject.UserPrincipalName) @@ -239,7 +240,8 @@ function Get-TargetResource } } Write-Verbose -Message "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}" - $memberObject = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)" + $memberObject = Invoke-MgGraphRequest -Uri $url Write-Verbose -Message "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}" if (($memberObject.'@odata.type') -match 'user') { @@ -564,7 +566,8 @@ function Set-TargetResource { Write-Verbose -Message "Adding new dynamic member {$($member.Id)}" $memberBodyParam = @{ - '@odata.id' = "https://graph.microsoft.com/v1.0/$($member.Type)/$($member.Id)" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/$($member.Type)/$($member.Id)" + '@odata.id' = $url } New-MgBetaDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $policy.Id -BodyParameter $memberBodyParam @@ -661,7 +664,8 @@ function Set-TargetResource Write-Verbose -Message "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}" $memberBodyParam = @{ - '@odata.id' = "https://graph.microsoft.com/v1.0/$memberType/$($memberObject.Id)" + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/$memberType/$($memberObject.Id)" + '@odata.id' = $url } New-MgBetaDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId ($currentInstance.Id) -BodyParameter $memberBodyParam | Out-Null } @@ -789,9 +793,11 @@ function Set-TargetResource elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing AU {$DisplayName}" - #region resource generator code - Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id - #endregion + # Workaround since Remove-MgBetaDirectoryAdministrativeUnit is not working with 2.11.1 + # https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2529 + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)" + Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null + #Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index f446d22e2d..0fb97b0d94 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 @@ -767,7 +767,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters - if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name) + if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name -and $Permissions.Name.Length -gt 0) { $permissionsDiff = Compare-Object -ReferenceObject ($CurrentValues.Permissions.Name) -DifferenceObject ($Permissions.Name) $driftedParams = @{} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 index e7f4611617..584cfd8c7a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.psm1 @@ -19,7 +19,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] @@ -127,7 +127,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] @@ -182,11 +182,6 @@ function Set-TargetResource $BoundParameters.Remove('Id') | Out-Null Update-MgBetaDirectoryAttributeSet @BoundParameters | Out-Null } - elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') - { - Write-Verbose -Message "Removing the Attribute Set with Id {$($currentInstance.Id)}" - Remove-MgBetaDirectoryAttributeSet -AttributeSetId $Id | Out-Null - } } function Test-TargetResource @@ -210,7 +205,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet('Absent', 'Present')] + [ValidateSet('Present')] $Ensure = 'Present', [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.schema.mof index 9011a94914..399eb2cf1f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAttributeSet/MSFT_AADAttributeSet.schema.mof @@ -4,7 +4,7 @@ class MSFT_AADAttributeSet : OMI_BaseResource [Key, Description("Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive")] String Id; [Write, Description("Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive")] String Description; [Write, Description("Maximum number of custom security attributes that can be defined in this attribute set. Default value is null. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. Can be changed later.")] UInt32 MaxAttributesPerSet; - [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 index 5a56e3da0e..489a81b607 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 @@ -151,8 +151,11 @@ function Get-TargetResource if (-not [System.Guid]::TryParse($AppId, [System.Management.Automation.PSReference]$ObjectGuid)) { $appInstance = Get-MgApplication -Filter "DisplayName eq '$AppId'" - $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($appInstance.AppId)'" ` - -Expand 'AppRoleAssignedTo' + if ($appInstance) + { + $AADServicePrincipal = Get-MgServicePrincipal -Filter "AppID eq '$($appInstance.AppId)'" ` + -Expand 'AppRoleAssignedTo' + } } else { diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/3-Remove.ps1 deleted file mode 100644 index 530ac0e032..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/3-Remove.ps1 +++ /dev/null @@ -1,28 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - AADAttributeSet "AADAttributeSetTest" - { - Credential = $credsCredential; - Description = "Attribute set with 420 attributes"; - Ensure = "Absent"; - Id = "TestAttributeSet"; - MaxAttributesPerSet = 300; # Updated Property - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 index b40aee5124..902a3e01e3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 @@ -23,7 +23,7 @@ Configuration Example DisplayName = "My Context"; Ensure = "Present"; Id = "c3"; - IsAvailable = $True; + IsAvailable = $False; # Updated Property } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 index 6529f1c087..2507ef22a3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 @@ -16,7 +16,7 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' Ensure = 'Absent' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 index 2be911cf20..50f0db3935 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 @@ -16,8 +16,8 @@ Configuration Example { AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" + AppId = "AppDisplayName" + DisplayName = "AppDisplayName" Ensure = "Absent" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 index 30f6a7acb5..72667e151b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 @@ -18,6 +18,7 @@ Configuration Example AADUser 'ConfigureJohnSMith' { UserPrincipalName = "John.Smith@$Domain" + DisplayName = "John J. Smith" Ensure = "Absent" Credential = $Credscredential } From 3976b4f0db0f8e6200e11013695200282d5428fd Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 16 Jan 2024 08:44:15 -0500 Subject: [PATCH 38/60] Fixes Unit Tests --- ...soft365DSC.AADAdministrativeUnit.Tests.ps1 | 2 +- .../Microsoft365DSC.AADAttributeSet.Tests.ps1 | 33 +----- ...SC.AADAuthenticationMethodPolicy.Tests.ps1 | 110 ------------------ ...SC.IntuneAccountProtectionPolicy.Tests.ps1 | 2 +- 4 files changed, 3 insertions(+), 144 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 index 77d7ff00a1..d9766a734b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 @@ -158,7 +158,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should Remove the AU from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaDirectoryAdministrativeUnit -Exactly 1 + Should -Invoke -CommandName Invoke-MgGraphRequest -Exactly 1 } } Context -Name 'The AU Exists and Values are already in the desired state' -Fixture { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAttributeSet.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAttributeSet.Tests.ps1 index 3750d5d3ad..9cb8c15afd 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAttributeSet.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAttributeSet.Tests.ps1 @@ -64,38 +64,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The instance exists but it SHOULD NOT" -Fixture { - BeforeAll { - $testParams = @{ - Description = "This is my super context test"; - MaxAttributesPerSet = 420; - Ensure = "Absent"; - Id = "c3"; - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaDirectoryAttributeSet -MockWith { - return @{ - Description = "This is my super context test"; - MaxAttributesPerSet = 420; - Id = "c3"; - } - } - } - - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should Remove the group from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaDirectoryAttributeSet -Exactly 1 - } - } + Context -Name "The instance exists and values are already in the desired state" -Fixture { BeforeAll { $testParams = @{ diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 index 9d4ad3d0d2..fef35051c8 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicy.Tests.ps1 @@ -101,116 +101,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The AADAuthenticationMethodPolicy exists but it SHOULD NOT" -Fixture { - BeforeAll { - $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 25 - RegistrationEnforcement = (New-CimInstance -ClassName MSFT_MicrosoftGraphregistrationEnforcement -Property @{ - AuthenticationMethodsRegistrationCampaign = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaign -Property @{ - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodsRegistrationCampaignIncludeTarget -Property @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } -ClientOnly) - ) - State = "default" - SnoozeDurationInDays = 25 - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - } -ClientOnly) - SystemCredentialPreferences = (New-CimInstance -ClassName MSFT_MicrosoftGraphsystemCredentialPreferences -Property @{ - State = "default" - IncludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyIncludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - ExcludeTargets = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyExcludeTarget -Property @{ - TargetType = "user" - Id = "FakeStringValue" - } -ClientOnly) - ) - } -ClientOnly) - Ensure = 'Absent' - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaPolicyAuthenticationMethodPolicy -MockWith { - return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.AuthenticationMethodsPolicy" - } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyMigrationState = "preMigration" - PolicyVersion = "FakeStringValue" - ReconfirmationInDays = 25 - RegistrationEnforcement = @{ - AuthenticationMethodsRegistrationCampaign = @{ - IncludeTargets = @( - @{ - Id = "FakeStringValue" - TargetType = "user" - TargetedAuthenticationMethod = "FakeStringValue" - } - ) - State = "default" - SnoozeDurationInDays = 25 - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } - } - SystemCredentialPreferences = @{ - State = "default" - IncludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - ExcludeTargets = @( - @{ - TargetType = "user" - Id = "FakeStringValue" - } - ) - } - - } - } - } - - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should Remove the group from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaPolicyAuthenticationMethodPolicy -Exactly 1 - } - } Context -Name "The AADAuthenticationMethodPolicy Exists and Values are already in the desired state" -Fixture { BeforeAll { $testParams = @{ diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 index e9548f18af..b1fbf8669a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 @@ -171,7 +171,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should return Present from the Get method' { - (Get-TargetResource @testParams -Verbose).Ensure | Should -Be 'Present' + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } It 'Should return false from the Test method' { From 00d0ccafce764c96715f2a46e3ce401524d2b9bb Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 16 Jan 2024 09:29:50 -0500 Subject: [PATCH 39/60] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 636624333e..d12e722024 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ * Ignore Permissions in tests if not passed. Preventing null comparison errors. * AADAttributeSet * Removed the ability to specify a value of Absent for the Ensure property. +* AADAUthenticationMethodPolicy + * Removed the ability to specify a value of Absent for the Ensure property. * DEPENDENCIES * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. * Updated MSCloudLoginAssistant to version 1.1.5. From 2c1040b1d38e3601859377d7bb7241b6dff7090a Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 16 Jan 2024 15:38:36 +0000 Subject: [PATCH 40/60] Updated Resources and Cmdlet documentation pages --- .../resources/azure-ad/AADAttributeSet.md | 33 +------------------ .../AADAuthenticationContextClassReference.md | 2 +- ...titlementManagementAccessPackageCatalog.md | 2 +- .../resources/azure-ad/AADServicePrincipal.md | 4 +-- docs/docs/resources/azure-ad/AADUser.md | 1 + 5 files changed, 6 insertions(+), 36 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADAttributeSet.md b/docs/docs/resources/azure-ad/AADAttributeSet.md index bce314c714..d1a5acb36d 100644 --- a/docs/docs/resources/azure-ad/AADAttributeSet.md +++ b/docs/docs/resources/azure-ad/AADAttributeSet.md @@ -7,7 +7,7 @@ | **Id** | Key | String | Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive | | | **Description** | Write | String | Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive | | | **MaxAttributesPerSet** | Write | UInt32 | Maximum number of custom security attributes that can be defined in this attribute set. Default value is null. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. Can be changed later. | | -| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present` | | **Credential** | Write | PSCredential | Credentials of the Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -110,34 +110,3 @@ Configuration Example } ``` -### Example 3 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsCredential - ) - - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - AADAttributeSet "AADAttributeSetTest" - { - Credential = $credsCredential; - Description = "Attribute set with 420 attributes"; - Ensure = "Absent"; - Id = "TestAttributeSet"; - MaxAttributesPerSet = 300; # Updated Property - } - } -} -``` - diff --git a/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md b/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md index 27a6544b8d..549b6972d2 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md @@ -107,7 +107,7 @@ Configuration Example DisplayName = "My Context"; Ensure = "Present"; Id = "c3"; - IsAvailable = $True; + IsAvailable = $False; # Updated Property } } } diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md index 9953d70bc2..b8bd8bb23b 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md @@ -134,7 +134,7 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' Ensure = 'Absent' Credential = $Credscredential } diff --git a/docs/docs/resources/azure-ad/AADServicePrincipal.md b/docs/docs/resources/azure-ad/AADServicePrincipal.md index 6b31571f6c..4d85019675 100644 --- a/docs/docs/resources/azure-ad/AADServicePrincipal.md +++ b/docs/docs/resources/azure-ad/AADServicePrincipal.md @@ -162,8 +162,8 @@ Configuration Example { AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" + AppId = "AppDisplayName" + DisplayName = "AppDisplayName" Ensure = "Absent" Credential = $Credscredential } diff --git a/docs/docs/resources/azure-ad/AADUser.md b/docs/docs/resources/azure-ad/AADUser.md index 0153626464..7201e06f9b 100644 --- a/docs/docs/resources/azure-ad/AADUser.md +++ b/docs/docs/resources/azure-ad/AADUser.md @@ -161,6 +161,7 @@ Configuration Example AADUser 'ConfigureJohnSMith' { UserPrincipalName = "John.Smith@$Domain" + DisplayName = "John J. Smith" Ensure = "Absent" Credential = $Credscredential } From fac8e1dcd570edc1d138dbe8d2610239b8649043 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 16 Jan 2024 10:51:31 -0500 Subject: [PATCH 41/60] Update 1-Create.ps1 --- .../Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 index 8ebd005c43..79bed26790 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 @@ -41,7 +41,7 @@ Configuration Example Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'DSCGroup' + Id = 'Sales Team' TargetType = 'group' } ); From e0f301ec793aa5f6111df59fbaadd4467f502f71 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 16 Jan 2024 15:52:21 +0000 Subject: [PATCH 42/60] Updated Resources and Cmdlet documentation pages --- .../resources/azure-ad/AADAuthenticationMethodPolicyX509.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md index d7b1e36665..cca53c3584 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md @@ -143,7 +143,7 @@ Configuration Example Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'DSCGroup' + Id = 'Sales Team' TargetType = 'group' } ); From fb4204be8543d1c0b005cc1038621c43330420df Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 16 Jan 2024 15:54:25 +0000 Subject: [PATCH 43/60] Updated {Create} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index d8d32b01f8..a0ff09b2b9 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -289,7 +289,7 @@ Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'DSCGroup' + Id = 'Sales Team' TargetType = 'group' } ); From e4bbb55d4b08e0a01e7eb0330b6843681ed493ea Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 16 Jan 2024 12:28:51 -0500 Subject: [PATCH 44/60] Fixes Integration Tests --- .../MSFT_AADAuthenticationMethodPolicyX509.psm1 | 8 +++----- .../AADAuthenticationMethodPolicyX509/1-Create.ps1 | 1 + 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 index 80d6cfdef0..bf924124db 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 @@ -4,7 +4,6 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - #region resource generator code [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $AuthenticationModeConfiguration, @@ -30,8 +29,6 @@ function Get-TargetResource [System.String] $Id, - #endregion - [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] @@ -118,7 +115,8 @@ function Get-TargetResource $complexAuthenticationModeConfiguration.Add('Rules', $complexRules) } } - else { + else + { $complexAuthenticationModeConfiguration.Add('Rules', @('')) } @@ -392,7 +390,7 @@ function Set-TargetResource #region resource generator code $UpdateParameters.Add('@odata.type', '#microsoft.graph.x509CertificateAuthenticationMethodConfiguration') Write-Verbose -Message "Updating with Values: $(Convert-M365DscHashtableToString -Hashtable $UpdateParameters)" - Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration ` + Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration ` -AuthenticationMethodConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters #endregion diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 index 79bed26790..5916e2a1e6 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 @@ -19,6 +19,7 @@ Configuration Example { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @() }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ From 1f8cb27e8744d2a93b06832f0da6927a51a76ca1 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 16 Jan 2024 17:30:47 +0000 Subject: [PATCH 45/60] Updated Resources and Cmdlet documentation pages --- .../docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md index cca53c3584..ccbf055101 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md @@ -121,6 +121,7 @@ Configuration Example { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @() }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ From 95158209cbc546637a3a6bc33f79123c82192922 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 16 Jan 2024 17:32:33 +0000 Subject: [PATCH 46/60] Updated {Create} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index a0ff09b2b9..a1b9cb5f51 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -267,6 +267,7 @@ { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @() }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ From dc0ddb216e6aa4d1694ffd5c68d23c3200226a56 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 16 Jan 2024 12:57:52 -0500 Subject: [PATCH 47/60] Fixes AuthenticationPolicyX509 --- CHANGELOG.md | 3 +++ .../MSFT_AADAuthenticationMethodPolicyX509.psm1 | 8 ++++++-- .../AADAuthenticationMethodPolicyX509/1-Create.ps1 | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d12e722024..f45d7f0b4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,9 @@ * Removed the ability to specify a value of Absent for the Ensure property. * AADAUthenticationMethodPolicy * Removed the ability to specify a value of Absent for the Ensure property. +* AADAUthenticationMethodPolicyX509 + * Fix the way we returned an empty rule set from the Get method. This caused + the Test-TargetResource method to return true even when instanes matched. * DEPENDENCIES * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. * Updated MSCloudLoginAssistant to version 1.1.5. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 index bf924124db..229cfccfb5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.psm1 @@ -108,16 +108,20 @@ function Get-TargetResource { $myRules.Add('X509CertificateRuleType', $currentRules.x509CertificateRuleType.toString()) } - if ($myRules.values.Where({ $null -ne $_ }).count -gt 0) + if ($myRules.values.Where({ $null -ne $_ }).count -gt 0 -and $myRules.Keys.Length -gt 0) { $complexRules += $myRules } + if ($complexRules.Length -le 0) + { + $complexRules = $null + } $complexAuthenticationModeConfiguration.Add('Rules', $complexRules) } } else { - $complexAuthenticationModeConfiguration.Add('Rules', @('')) + $complexAuthenticationModeConfiguration.Add('Rules', @()) } if ($null -ne $getValue.AdditionalProperties.authenticationModeConfiguration.x509CertificateAuthenticationDefaultMode) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 index 5916e2a1e6..9e05e83498 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 @@ -19,7 +19,7 @@ Configuration Example { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' - Rules = @() + Rules = @(@()) }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ From 2f35e773364b914ece71aba50d4d3be4ae23a4e5 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 16 Jan 2024 12:58:50 -0500 Subject: [PATCH 48/60] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f45d7f0b4f..2cbc1712c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,7 +12,7 @@ * Removed the ability to specify a value of Absent for the Ensure property. * AADAUthenticationMethodPolicyX509 * Fix the way we returned an empty rule set from the Get method. This caused - the Test-TargetResource method to return true even when instanes matched. + the Test-TargetResource method to return true even when instances matched. * DEPENDENCIES * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. * Updated MSCloudLoginAssistant to version 1.1.5. From d8ba1ddc96c2c1b142c7a52ab14b5c45acc9f903 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 16 Jan 2024 19:04:13 +0000 Subject: [PATCH 49/60] Updated Resources and Cmdlet documentation pages --- .../resources/azure-ad/AADAuthenticationMethodPolicyX509.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md index ccbf055101..1d3f8dc60b 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md @@ -121,7 +121,7 @@ Configuration Example { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' - Rules = @() + Rules = @(@()) }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ From 507ca77aaaa4f4ab4673bdc724e3666b220ca9ca Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 16 Jan 2024 19:06:04 +0000 Subject: [PATCH 50/60] Updated {Create} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index a1b9cb5f51..1d417c6905 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -267,7 +267,7 @@ { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' - Rules = @() + Rules = @(@()) }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ From cec7190541fe559bc10e0b10bf96545b3c8f8a9d Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 16 Jan 2024 19:09:22 +0000 Subject: [PATCH 51/60] Updated {Update} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index 09273edda6..b6f960e55c 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -79,7 +79,7 @@ DisplayName = "My Context"; Ensure = "Present"; Id = "c3"; - IsAvailable = $True; + IsAvailable = $False; # Updated Property } AADAuthenticationMethodPolicy 'AADAuthenticationMethodPolicy-Authentication Methods Policy' { From 46c7d3ba9b015590cd064a403fbc0f26eb935b99 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 16 Jan 2024 14:14:18 -0500 Subject: [PATCH 52/60] Update 2-Update.ps1 --- .../Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 index 8ebd005c43..47ee911aea 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 @@ -19,6 +19,7 @@ Configuration Example { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @() }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ From 9859d7b4dcb8899165936dc6bc4c78d3bc87cdc6 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 16 Jan 2024 19:15:14 +0000 Subject: [PATCH 53/60] Updated Resources and Cmdlet documentation pages --- .../docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md index 1d3f8dc60b..501599cef5 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md @@ -183,6 +183,7 @@ Configuration Example { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @() }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ From b1443e4320bfc60b8d698056bb6e5888128802c6 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 16 Jan 2024 19:20:29 +0000 Subject: [PATCH 54/60] Updated {Update} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index b6f960e55c..ef2eeadf00 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -288,6 +288,7 @@ { AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' + Rules = @() }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ From fd8d7fc38b548c83ee076f69bff2ae80584451dd Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 16 Jan 2024 19:23:46 +0000 Subject: [PATCH 55/60] Updated {Update} AAD Integration Tests --- .../M365DSCIntegration.AAD.Remove.Tests.ps1 | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 index 3c73a9d2ed..6f5166aed9 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 @@ -30,14 +30,6 @@ Ensure = "Absent" Credential = $Credscredential } - AADAttributeSet 'AADAttributeSetTest' - { - Credential = $credsCredential; - Description = "Attribute set with 420 attributes"; - Ensure = "Absent"; - Id = "TestAttributeSet"; - MaxAttributesPerSet = 300; # Updated Property - } AADAuthenticationContextClassReference 'AADAuthenticationContextClassReference-Test' { Credential = $credsCredential; @@ -150,7 +142,7 @@ } AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - DisplayName = 'General' + DisplayName = 'My Catalog' Ensure = 'Absent' Credential = $Credscredential } @@ -282,8 +274,8 @@ } AADServicePrincipal 'AADServicePrincipal' { - AppId = "" - DisplayName = "AADAppName" + AppId = "AppDisplayName" + DisplayName = "AppDisplayName" Ensure = "Absent" Credential = $Credscredential } @@ -305,6 +297,7 @@ AADUser 'ConfigureJohnSMith' { UserPrincipalName = "John.Smith@$Domain" + DisplayName = "John J. Smith" Ensure = "Absent" Credential = $Credscredential } From 0d08f82027109a4beaaa6b89b4ba6accedab197d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 17 Jan 2024 08:10:38 -0500 Subject: [PATCH 56/60] Error Handling for GCCHigh --- CHANGELOG.md | 6 +- .../MSFT_AADRoleSetting.psm1 | 7 +-- .../MSFT_AADRoleSetting.schema.mof | 2 +- .../MSFT_AADUser/MSFT_AADUser.psm1 | 5 ++ .../MSFT_EXOReportSubmissionRule.psm1 | 1 + .../MSFT_IntuneASRRulesPolicyWindows10.psm1 | 3 +- ...alAdministratorPasswordSolutionPolicy.psm1 | 3 +- ...tectionLocalUserGroupMembershipPolicy.psm1 | 3 +- .../MSFT_IntuneAccountProtectionPolicy.psm1 | 3 +- ...ntivirusPolicyWindows10SettingCatalog.psm1 | 3 +- .../MSFT_IntuneAppConfigurationPolicy.psm1 | 3 +- ...MSFT_IntuneAppProtectionPolicyAndroid.psm1 | 3 +- .../MSFT_IntuneAppProtectionPolicyiOS.psm1 | 3 +- ...tuneApplicationControlPolicyWindows10.psm1 | 3 +- ...tionRulesPolicyWindows10ConfigManager.psm1 | 3 +- ...eviceAndAppManagementAssignmentFilter.psm1 | 3 +- .../MSFT_IntuneDeviceCategory.psm1 | 3 +- .../MSFT_IntuneDeviceCleanupRule.psm1 | 4 +- ...T_IntuneDeviceCompliancePolicyAndroid.psm1 | 3 +- ...iceCompliancePolicyAndroidDeviceOwner.psm1 | 3 +- ...iceCompliancePolicyAndroidWorkProfile.psm1 | 3 +- ...SFT_IntuneDeviceCompliancePolicyMacOS.psm1 | 3 +- ...IntuneDeviceCompliancePolicyWindows10.psm1 | 3 +- .../MSFT_IntuneDeviceCompliancePolicyiOs.psm1 | 3 +- ...AdministrativeTemplatePolicyWindows10.psm1 | 3 +- ...iceConfigurationCustomPolicyWindows10.psm1 | 3 +- ...rForEndpointOnboardingPolicyWindows10.psm1 | 3 +- ...onDeliveryOptimizationPolicyWindows10.psm1 | 3 +- ...onfigurationDomainJoinPolicyWindows10.psm1 | 3 +- ...figurationEmailProfilePolicyWindows10.psm1 | 3 +- ...tionEndpointProtectionPolicyWindows10.psm1 | 3 +- ...ationFirmwareInterfacePolicyWindows10.psm1 | 3 +- ...onitoringConfigurationPolicyWindows10.psm1 | 3 +- ...tionIdentityProtectionPolicyWindows10.psm1 | 3 +- ...ImportedPfxCertificatePolicyWindows10.psm1 | 3 +- ...viceConfigurationKioskPolicyWindows10.psm1 | 3 +- ...urationNetworkBoundaryPolicyWindows10.psm1 | 3 +- ...urationPkcsCertificatePolicyWindows10.psm1 | 3 +- ...ationPolicyAndroidDeviceAdministrator.psm1 | 3 +- ...ConfigurationPolicyAndroidDeviceOwner.psm1 | 3 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 3 +- ...ConfigurationPolicyAndroidWorkProfile.psm1 | 3 +- ..._IntuneDeviceConfigurationPolicyMacOS.psm1 | 3 +- ...uneDeviceConfigurationPolicyWindows10.psm1 | 3 +- ...FT_IntuneDeviceConfigurationPolicyiOS.psm1 | 3 +- ...urationScepCertificatePolicyWindows10.psm1 | 3 +- ...rationSecureAssessmentPolicyWindows10.psm1 | 3 +- ...ationSharedMultiDevicePolicyWindows10.psm1 | 3 +- ...tionTrustedCertificatePolicyWindows10.psm1 | 3 +- ...DeviceConfigurationVpnPolicyWindows10.psm1 | 3 +- ...nfigurationWindowsTeamPolicyWindows10.psm1 | 3 +- ...figurationWiredNetworkPolicyWindows10.psm1 | 3 +- ...ntuneDeviceEnrollmentLimitRestriction.psm1 | 3 +- ...neDeviceEnrollmentPlatformRestriction.psm1 | 3 +- ...neDeviceEnrollmentStatusPageWindows10.psm1 | 3 +- ...ntDetectionAndResponsePolicyWindows10.psm1 | 3 +- ...otectionPolicyWindows10SettingCatalog.psm1 | 3 +- .../MSFT_IntunePolicySets.psm1 | 3 +- .../MSFT_IntuneRoleAssignment.psm1 | 3 +- .../MSFT_IntuneRoleDefinition.psm1 | 3 +- ...SettingCatalogASRRulesPolicyWindows10.psm1 | 3 +- ...neSettingCatalogCustomPolicyWindows10.psm1 | 3 +- ...ationPolicyAndroidDeviceAdministrator.psm1 | 3 +- ...ionPolicyAndroidEnterpriseDeviceOwner.psm1 | 3 +- ...ionPolicyAndroidEnterpriseWorkProfile.psm1 | 3 +- ...WifiConfigurationPolicyAndroidForWork.psm1 | 3 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 3 +- ...MSFT_IntuneWifiConfigurationPolicyIOS.psm1 | 3 +- ...FT_IntuneWifiConfigurationPolicyMacOS.psm1 | 3 +- ...ntuneWifiConfigurationPolicyWindows10.psm1 | 3 +- ...tDeploymentProfileAzureADHybridJoined.psm1 | 3 +- ...topilotDeploymentProfileAzureADJoined.psm1 | 3 +- ...nProtectionPolicyWindows10MdmEnrolled.psm1 | 3 +- ...BusinessFeatureUpdateProfileWindows10.psm1 | 3 +- ...ForBusinessRingUpdateProfileWindows10.psm1 | 3 +- .../MSFT_O365OrgSettings.psm1 | 23 ++++--- ...65SearchAndIntelligenceConfigurations.psm1 | 21 +++++-- .../MSFT_TeamsOrgWideAppSettings.psm1 | 44 ++++++++----- .../Resources/AADRoleSetting/3-Remove.ps1 | 62 ------------------- 79 files changed, 214 insertions(+), 168 deletions(-) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/3-Remove.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 2cbc1712c2..7e84af3c9e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,11 +8,13 @@ * Ignore Permissions in tests if not passed. Preventing null comparison errors. * AADAttributeSet * Removed the ability to specify a value of Absent for the Ensure property. -* AADAUthenticationMethodPolicy +* AADAuthenticationMethodPolicy * Removed the ability to specify a value of Absent for the Ensure property. -* AADAUthenticationMethodPolicyX509 +* AADAuthenticationMethodPolicyX509 * Fix the way we returned an empty rule set from the Get method. This caused the Test-TargetResource method to return true even when instances matched. +* AADROleSetting + * Removed the ability to specify a value of Absent for the Ensure property. * DEPENDENCIES * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. * Updated MSCloudLoginAssistant to version 1.1.5. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index e978aab640..c179d662c8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -165,7 +165,7 @@ function Get-TargetResource $EligibleAssignmentAssigneeNotificationOnlyCritical, [Parameter()] - [ValidateSet('Present', 'Absent')] + [ValidateSet('Present')] [System.String] $Ensure = 'Present', @@ -213,7 +213,6 @@ function Get-TargetResource #endregion $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' $RoleDefintion = $null if ($null -ne $Script:exportedInstances -and $Script:ExportMode) @@ -559,7 +558,7 @@ function Set-TargetResource $EligibleAssignmentAssigneeNotificationOnlyCritical, [Parameter()] - [ValidateSet('Present', 'Absent')] + [ValidateSet('Present')] [System.String] $Ensure = 'Present', @@ -1271,7 +1270,7 @@ function Test-TargetResource $EligibleAssignmentAssigneeNotificationOnlyCritical, [Parameter()] - [ValidateSet('Present', 'Absent')] + [ValidateSet('Present')] [System.String] $Ensure = 'Present', diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof index 202e5e947b..5a78b465fb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof @@ -41,7 +41,7 @@ class MSFT_AADRoleSetting : OMI_BaseResource [Write, Description("Send notifications when eligible members activate this role: Notification to activated user (requestor), default recipient (True/False)")] Boolean EligibleAssignmentAssigneeNotificationDefaultRecipient; [Write, Description("Send notifications when eligible members activate this role: Notification to activated user (requestor), additional recipient (UPN)")] String EligibleAssignmentAssigneeNotificationAdditionalRecipient[]; [Write, Description("Send notifications when eligible members activate this role: Notification to activated user (requestor), only critical Email (True/False)")] Boolean EligibleAssignmentAssigneeNotificationOnlyCritical; - [Write, Description("Specify if the Azure AD role setting should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Specify if the Azure AD role setting should exist or not."), ValueMap{"Present"}, Values{"Present"}] String Ensure; [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 index a7ee0a2413..e5756268a4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 @@ -839,6 +839,11 @@ function Test-TargetResource Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + if ($Ensure -eq 'Absent' -and $CurrentValues.Ensure -eq 'Absent') + { + return $true + } + $ValuesToCheck = $PSBoundParameters $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 index 775c1e0fc5..207888fa00 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOReportSubmissionRule/MSFT_EXOReportSubmissionRule.psm1 @@ -385,6 +385,7 @@ function Export-TargetResource if ($ReportSubmissionRule.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark + return } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index 1103360a16..6482cb21d7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 @@ -956,7 +956,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 index 403974e7a0..a6ff9a5167 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 @@ -792,7 +792,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 index 4524e0f42c..4b58e81abc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 @@ -681,7 +681,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 index 1093519915..327fc77e61 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 @@ -840,7 +840,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 index d10ee2a52c..2659437cce 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 @@ -1498,7 +1498,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 index e2fe67a6e1..2352b5643f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 @@ -548,7 +548,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 index 00d2809bc4..1a04856c16 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 @@ -1125,7 +1125,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index b5d2b73345..3a7813ec16 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 @@ -1189,7 +1189,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 index 5d83dfb4a4..7231018cf5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 @@ -575,7 +575,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index 50ba894304..2173ef32b9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -893,7 +893,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 index 6ef91c7036..fe0f04941d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 @@ -435,7 +435,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 index f7f68cd71e..962ab57fec 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 @@ -350,7 +350,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 index a37c05d228..1b8c51567f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 @@ -377,7 +377,9 @@ function Export-TargetResource catch { if ($_.Exception -like "*401*" -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or - $_.Exception -like "* Unauthorized*") + $_.Exception -like "* Unauthorized*" -or ` + $_.Exception -like "*Request not applicable to target tenant*" -or ` + $_.Exception -like "*BadRequest*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 index d44f0dfeab..6b3353da1a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 @@ -914,7 +914,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 index 9c6c9e7602..75d548ae46 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 @@ -771,7 +771,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 index 07c7f7f5e5..da9d328933 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 @@ -877,7 +877,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 index cfaf8803ca..864a3cf2c3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 @@ -827,7 +827,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 index 375a791be5..61399e6146 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 @@ -962,7 +962,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 index 514c2f80d1..4e5ccc567a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 @@ -802,7 +802,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index 885e5b4265..53512b6e8e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -926,7 +926,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 index 6eb10811c2..e35f2b96c7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 @@ -639,7 +639,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 index 99c47dc2ba..5607bb05f1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 @@ -623,7 +623,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 index 940dee9e16..133d05a210 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 @@ -929,7 +929,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 index d20a639331..01120c5c19 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 @@ -597,7 +597,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 index cc90413c23..1666e3262e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 @@ -757,7 +757,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 index b4a8758c1a..c9b1f664a1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 @@ -6076,7 +6076,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 index be2a66186b..aa52b4dc14 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 @@ -1009,7 +1009,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 index 7189bbe0eb..6fc23087bd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 @@ -602,7 +602,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 index 5b59f195e9..f35fb0a9f5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 @@ -752,7 +752,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 index ef961fe6ef..72d379fc8e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 @@ -670,7 +670,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 index 0f41ce9411..e0d9994c2b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 @@ -905,7 +905,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 index 7f6ba6117f..abd502c21c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 @@ -647,7 +647,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 index 8a5dff18a2..234a3116a8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 @@ -825,7 +825,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index 2017a13ce4..8d468a7d9b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -1421,7 +1421,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 index c3bb757425..5a2cace7a0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 @@ -2820,7 +2820,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index be073215e9..d98004d87a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -790,7 +790,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 index a54b3eb10f..7a3020057a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 @@ -1142,7 +1142,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index ef49efa6c7..44116b471a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -1450,7 +1450,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 index 97f2ac3cf9..ad15fbea40 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 @@ -4906,7 +4906,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index c79ae6eccb..49a1e9470d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -3342,7 +3342,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationScepCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationScepCertificatePolicyWindows10.psm1 index 8c775e6490..d4e2473c17 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationScepCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationScepCertificatePolicyWindows10.psm1 @@ -887,7 +887,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 index 56c34131c0..5cb9cffc30 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 @@ -647,7 +647,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 index 75fcb8dcf9..33c280def7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 @@ -889,7 +889,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 index e5fc00b556..39ca6a3373 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 @@ -582,7 +582,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 index ee73f6a506..0300372ebe 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 @@ -1282,7 +1282,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 index 7a41b0f83a..f2b3f6f663 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 @@ -833,7 +833,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 index 87a26a986e..e21c224eb0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 @@ -1003,7 +1003,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Message: Location header not present in redirection response.*") + $_.Exception -like "*Message: Location header not present in redirection response.*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 index 8f434a1157..2cadeaec76 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 @@ -377,7 +377,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 99eb5b034f..7214303fba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -836,7 +836,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 index 4446a78d41..c737bd8164 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 @@ -725,7 +725,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 index d5bc1f3b75..63e818f7af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 @@ -621,7 +621,8 @@ function Export-TargetResource catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` - $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*") + $_.Exception -like "*Unable to perform redirect as Location Header is not set in response*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 index ff596c77ce..8811c5d473 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 @@ -629,7 +629,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 index dd44300fdd..ac20b8c259 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 @@ -657,7 +657,8 @@ function Export-TargetResource catch { if ($_.Exception -like "*401*" -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or - $_.Exception -like "* Unauthorized*") + $_.Exception -like "* Unauthorized*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 index 802529ca5d..058a2e58d7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 @@ -706,7 +706,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 index b55c306699..2c0ee65b94 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 @@ -549,7 +549,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 index a059ab3082..5fff32e897 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 @@ -920,7 +920,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 index a9f1efca80..1a6ce88633 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 @@ -712,7 +712,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 index 8d927a3752..550848afb0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -682,7 +682,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 index 889e5adde9..e76afffc7c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 @@ -760,7 +760,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 index 64aaa0003b..a053896d55 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 @@ -673,7 +673,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index e8cfd5d709..65f8ed0088 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -672,7 +672,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index a5e7d85e15..70ed28d0bf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -698,7 +698,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index c52e9d88a4..e710718398 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 @@ -753,7 +753,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index 47699b2efa..d1bf3f164c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -739,7 +739,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index 645971ff45..62701eca3b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -782,7 +782,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 index c19fb4f998..5b4a09bf94 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 @@ -753,7 +753,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 index 605ad7f2fd..f6a4bad9e8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 @@ -767,7 +767,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 382ee4d4cd..bb6d409c7a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -1242,7 +1242,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 index b9127d417c..c4968c1c6f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 @@ -600,7 +600,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 index 7460e0682a..d1e424eab5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 @@ -1190,7 +1190,8 @@ function Export-TargetResource } catch { - if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*") + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index 9338fb505c..b53aa10630 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -1094,20 +1094,29 @@ function Get-M365DSCO365OrgSettingsPlannerConfig try { $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + "/taskAPI/tenantAdminSettings/Settings"; + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $results = Invoke-RestMethod -ContentType "application/json;odata.metadata=full" ` -Headers @{"Accept"="application/json"; "Authorization"=$Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; "Accept-Charset"="UTF-8"; "OData-Version"="4.0;NetFx"; "OData-MaxVersion"="4.0;NetFx"} ` -Method GET ` - $Uri + $Uri -ErrorAction Stop return $results } catch { - Write-Verbose -Message "Not able to retrieve Office 365 Planner Settings. Please ensure correct permissions have been granted." - New-M365DSCLogEntry -Message 'Error updating Office 365 Planner Settings' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + if ($_.Exception.Message -eq 'The request was aborted: Could not create SSL/TLS secure channel.') + { + Write-Warning -Message "Could not create SSL/TLS secure channel. Skipping the Planner settings." + } + else + { + Write-Verbose -Message "Not able to retrieve Office 365 Planner Settings. Please ensure correct permissions have been granted." + New-M365DSCLogEntry -Message 'Error updating Office 365 Planner Settings' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + return $null } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 index db2a33427a..0781697a0d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 @@ -64,12 +64,23 @@ function Get-TargetResource $itemInsightsDisabledForGroupValue = $group.DisplayName } - $PersonInsights = Get-MgBetaOrganizationSettingPersonInsight -OrganizationId $TenantId - $PersonInsightsDisabledForGroupValue = $null - if (-not [System.String]::IsNullOrEmpty($PersonInsights.DisabledForGroup)) + try + { + $PersonInsights = Get-MgBetaOrganizationSettingPersonInsight -OrganizationId $TenantId ` + -ErrorAction Stop + $PersonInsightsDisabledForGroupValue = $null + if (-not [System.String]::IsNullOrEmpty($PersonInsights.DisabledForGroup)) + { + $group = Get-MgGroup -GroupId ($PersonInsights.DisabledForGroup) + $PersonInsightsDisabledForGroupValue = $group.DisplayName + } + } + catch { - $group = Get-MgGroup -GroupId ($PersonInsights.DisabledForGroup) - $PersonInsightsDisabledForGroupValue = $group.DisplayName + if ($_.Exception.Message -eq "[BadRequest] : Resource not found for the segment 'peopleInsights'.") + { + Write-Warning -Message "The peopleInsights segment is not available in the selected environment." + } } return @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 index c5f862d125..802b37e1fc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOrgWideAppSettings/MSFT_TeamsOrgWideAppSettings.psm1 @@ -49,13 +49,20 @@ function Get-TargetResource } catch { - Write-Host $Global:M365DSCEmojiRedX - - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + if ($_.Exception.Message -like "*Resource not found.*") + { + Write-Warning -Message "The API doesn't exist for the selected environment." + } + else + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } return $nullReturn } @@ -189,16 +196,19 @@ function Export-TargetResource } $Results = Get-TargetResource @Params - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - $dscContent += $currentDSCBlock - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName + if ($Results.Ensure -eq 'Present') + { + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + } Write-Host $Global:M365DSCEmojiGreenCheckMark return $dscContent diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/3-Remove.ps1 deleted file mode 100644 index 1553543bfe..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/3-Remove.ps1 +++ /dev/null @@ -1,62 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADRoleSetting 28b253d8-cde5-471f-a331-fe7320023cdd - { - ActivateApprover = @(); - ActivationMaxDuration = "PT8H"; - ActivationReqJustification = $False; # Updated Property - ActivationReqMFA = $False; - ActivationReqTicket = $False; - ActiveAlertNotificationAdditionalRecipient = @(); - ActiveAlertNotificationDefaultRecipient = $True; - ActiveAlertNotificationOnlyCritical = $False; - ActiveApproveNotificationAdditionalRecipient = @(); - ActiveApproveNotificationDefaultRecipient = $True; - ActiveApproveNotificationOnlyCritical = $False; - ActiveAssigneeNotificationAdditionalRecipient = @(); - ActiveAssigneeNotificationDefaultRecipient = $True; - ActiveAssigneeNotificationOnlyCritical = $False; - ApprovaltoActivate = $False; - AssignmentReqJustification = $True; - AssignmentReqMFA = $False; - Displayname = "Application Administrator"; - ElegibilityAssignmentReqJustification = $False; - ElegibilityAssignmentReqMFA = $False; - EligibleAlertNotificationAdditionalRecipient = @(); - EligibleAlertNotificationDefaultRecipient = $True; - EligibleAlertNotificationOnlyCritical = $False; - EligibleApproveNotificationAdditionalRecipient = @(); - EligibleApproveNotificationDefaultRecipient = $True; - EligibleApproveNotificationOnlyCritical = $False; - EligibleAssigneeNotificationAdditionalRecipient = @(); - EligibleAssigneeNotificationDefaultRecipient = $True; - EligibleAssigneeNotificationOnlyCritical = $False; - EligibleAssignmentAlertNotificationAdditionalRecipient = @(); - EligibleAssignmentAlertNotificationDefaultRecipient = $True; - EligibleAssignmentAlertNotificationOnlyCritical = $False; - EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); - EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; - EligibleAssignmentAssigneeNotificationOnlyCritical = $False; - ExpireActiveAssignment = "P180D"; - ExpireEligibleAssignment = "P365D"; - PermanentActiveAssignmentisExpirationRequired = $False; - PermanentEligibleAssignmentisExpirationRequired = $False; - Credential = $Credscredential - Ensure = 'Absent' - } - } -} From e75660355b18188779e56f662563e7e5099fbda2 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 17 Jan 2024 08:11:03 -0500 Subject: [PATCH 57/60] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7e84af3c9e..3127702b66 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,7 +13,7 @@ * AADAuthenticationMethodPolicyX509 * Fix the way we returned an empty rule set from the Get method. This caused the Test-TargetResource method to return true even when instances matched. -* AADROleSetting +* AADRoleSetting * Removed the ability to specify a value of Absent for the Ensure property. * DEPENDENCIES * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. From 74c80341379ce95ec7ba442e22ee29be2ab4e632 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 17 Jan 2024 13:24:12 +0000 Subject: [PATCH 58/60] Updated Resources and Cmdlet documentation pages --- .../docs/resources/azure-ad/AADRoleSetting.md | 67 +------------------ 1 file changed, 1 insertion(+), 66 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADRoleSetting.md b/docs/docs/resources/azure-ad/AADRoleSetting.md index c666d97328..b79cc63f9e 100644 --- a/docs/docs/resources/azure-ad/AADRoleSetting.md +++ b/docs/docs/resources/azure-ad/AADRoleSetting.md @@ -44,7 +44,7 @@ | **EligibleAssignmentAssigneeNotificationDefaultRecipient** | Write | Boolean | Send notifications when eligible members activate this role: Notification to activated user (requestor), default recipient (True/False) | | | **EligibleAssignmentAssigneeNotificationAdditionalRecipient** | Write | StringArray[] | Send notifications when eligible members activate this role: Notification to activated user (requestor), additional recipient (UPN) | | | **EligibleAssignmentAssigneeNotificationOnlyCritical** | Write | Boolean | Send notifications when eligible members activate this role: Notification to activated user (requestor), only critical Email (True/False) | | -| **Ensure** | Write | String | Specify if the Azure AD role setting should exist or not. | `Present`, `Absent` | +| **Ensure** | Write | String | Specify if the Azure AD role setting should exist or not. | `Present` | | **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | @@ -151,68 +151,3 @@ Configuration Example } ``` -### Example 2 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - Node localhost - { - AADRoleSetting 28b253d8-cde5-471f-a331-fe7320023cdd - { - ActivateApprover = @(); - ActivationMaxDuration = "PT8H"; - ActivationReqJustification = $False; # Updated Property - ActivationReqMFA = $False; - ActivationReqTicket = $False; - ActiveAlertNotificationAdditionalRecipient = @(); - ActiveAlertNotificationDefaultRecipient = $True; - ActiveAlertNotificationOnlyCritical = $False; - ActiveApproveNotificationAdditionalRecipient = @(); - ActiveApproveNotificationDefaultRecipient = $True; - ActiveApproveNotificationOnlyCritical = $False; - ActiveAssigneeNotificationAdditionalRecipient = @(); - ActiveAssigneeNotificationDefaultRecipient = $True; - ActiveAssigneeNotificationOnlyCritical = $False; - ApprovaltoActivate = $False; - AssignmentReqJustification = $True; - AssignmentReqMFA = $False; - Displayname = "Application Administrator"; - ElegibilityAssignmentReqJustification = $False; - ElegibilityAssignmentReqMFA = $False; - EligibleAlertNotificationAdditionalRecipient = @(); - EligibleAlertNotificationDefaultRecipient = $True; - EligibleAlertNotificationOnlyCritical = $False; - EligibleApproveNotificationAdditionalRecipient = @(); - EligibleApproveNotificationDefaultRecipient = $True; - EligibleApproveNotificationOnlyCritical = $False; - EligibleAssigneeNotificationAdditionalRecipient = @(); - EligibleAssigneeNotificationDefaultRecipient = $True; - EligibleAssigneeNotificationOnlyCritical = $False; - EligibleAssignmentAlertNotificationAdditionalRecipient = @(); - EligibleAssignmentAlertNotificationDefaultRecipient = $True; - EligibleAssignmentAlertNotificationOnlyCritical = $False; - EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); - EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; - EligibleAssignmentAssigneeNotificationOnlyCritical = $False; - ExpireActiveAssignment = "P180D"; - ExpireEligibleAssignment = "P365D"; - PermanentActiveAssignmentisExpirationRequired = $False; - PermanentEligibleAssignmentisExpirationRequired = $False; - Credential = $Credscredential - Ensure = 'Absent' - } - } -} -``` - From e128d6147d1896020f2c025160c27ded04bb8277 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 17 Jan 2024 13:37:15 +0000 Subject: [PATCH 59/60] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/exchange/EXOAntiPhishPolicy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/docs/resources/exchange/EXOAntiPhishPolicy.md b/docs/docs/resources/exchange/EXOAntiPhishPolicy.md index c5e08e360f..1c27b27741 100644 --- a/docs/docs/resources/exchange/EXOAntiPhishPolicy.md +++ b/docs/docs/resources/exchange/EXOAntiPhishPolicy.md @@ -26,6 +26,7 @@ | **MakeDefault** | Write | Boolean | Make this the default antiphishing policy | | | **ExcludedDomains** | Write | StringArray[] | The ExcludedDomains parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas. | | | **ExcludedSenders** | Write | StringArray[] | The ExcludedSenders parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas. | | +| **HonorDmarcPolicy** | Write | Boolean | The HonorDmarcPolicy enables or disables using the sender's DMARC policy to determine what to do to messages that fail DMARC checks. | | | **ImpersonationProtectionState** | Write | String | The ImpersonationProtectionState parameter specifies the configuration of impersonation protection. | | | **MailboxIntelligenceProtectionAction** | Write | String | The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox intelligence protection. | | | **MailboxIntelligenceProtectionActionRecipients** | Write | StringArray[] | The MailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage. | | From bbfa589add7c22429dfb67011e03603353bdfd89 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 17 Jan 2024 12:12:14 -0500 Subject: [PATCH 60/60] Release 1.24.117.1 --- CHANGELOG.md | 7 ++- .../MSFT_AADConditionalAccessPolicy.psm1 | 16 +++--- .../Dependencies/Manifest.psd1 | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 50 +++++++++---------- 4 files changed, 38 insertions(+), 37 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9b642aafd..97233cfeee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.24.117.1 * AADAdministrativeUnit * Used generic Graph API URL from MSCloudLoginConnectionProfile. @@ -8,6 +8,9 @@ * Ignore Permissions in tests if not passed. Preventing null comparison errors. * AADAttributeSet * Removed the ability to specify a value of Absent for the Ensure property. +* AADConditionalAccessPolicy + * Fixes an error where the ApplicationEnforcedRestrictionsIsEnabled parameter + was always set to false in scenarios where it should have been null. * AADAuthenticationMethodPolicy * Removed the ability to specify a value of Absent for the Ensure property. * AADAuthenticationMethodPolicyX509 @@ -24,7 +27,7 @@ FIXES [#4144](https://github.com/microsoft/Microsoft365DSC/issues/4144) * DEPENDENCIES * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. - * Updated MSCloudLoginAssistant to version 1.1.5. + * Updated MSCloudLoginAssistant to version 1.1.7. # 1.24.110.1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 17df78d577..d5fd93d23c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -649,20 +649,20 @@ function Get-TargetResource BuiltInControls = [System.String[]](@() + $Policy.GrantControls.BuiltInControls) CustomAuthenticationFactors = [System.String[]](@() + $Policy.GrantControls.CustomAuthenticationFactors) #no translation needed, return empty string array if undefined - ApplicationEnforcedRestrictionsIsEnabled = $false -or $Policy.SessionControls.ApplicationEnforcedRestrictions.IsEnabled + ApplicationEnforcedRestrictionsIsEnabled = $Policy.SessionControls.ApplicationEnforcedRestrictions.IsEnabled #make false if undefined, true if true - CloudAppSecurityIsEnabled = $false -or $Policy.SessionControls.CloudAppSecurity.IsEnabled + CloudAppSecurityIsEnabled = $Policy.SessionControls.CloudAppSecurity.IsEnabled #make false if undefined, true if true CloudAppSecurityType = [System.String]$Policy.SessionControls.CloudAppSecurity.CloudAppSecurityType #no translation needed, return empty string array if undefined - SignInFrequencyIsEnabled = $false -or $Policy.SessionControls.SignInFrequency.IsEnabled + SignInFrequencyIsEnabled = $Policy.SessionControls.SignInFrequency.IsEnabled #make false if undefined, true if true SignInFrequencyValue = $Policy.SessionControls.SignInFrequency.Value #no translation or conversion needed, $null returned if undefined SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type SignInFrequencyInterval = $SignInFrequencyIntervalValue #no translation needed - PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled + PersistentBrowserIsEnabled = $Policy.SessionControls.PersistentBrowser.IsEnabled #make false if undefined, true if true PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode #no translation needed @@ -1474,15 +1474,13 @@ function Set-TargetResource { Write-Verbose -Message 'Set-Targetresource: create provision Session Control object' $sessioncontrols = @{ - ApplicationEnforcedRestrictions = @{ - IsEnabled = $false - } + ApplicationEnforcedRestrictions = @{} } - if ($ApplicationEnforcedRestrictionsIsEnabled) + if ($ApplicationEnforcedRestrictionsIsEnabled -eq $true) { #create and provision ApplicationEnforcedRestrictions object if used - $sessioncontrols.ApplicationEnforcedRestrictions.IsEnabled = $true + $sessioncontrols.ApplicationEnforcedRestrictions.Add('IsEnabled', $true) } if ($CloudAppSecurityIsEnabled) { diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index fba4f4ea23..7da937491b 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -86,7 +86,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.5" + RequiredVersion = "1.1.7" }, @{ ModuleName = 'PnP.PowerShell' diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 7f2b2f7538..3715c9ef21 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-01-10 +# Generated on: 2024-01-17 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.110.1' + ModuleVersion = '1.24.117.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -141,31 +141,31 @@ # ReleaseNotes of this module ReleaseNotes = '* AADAdministrativeUnit - * Fix the Update logic flow to get around a bug in Microsoft.Graph 2.11.1. - * AADAuthenticationMethodPolicyX509 - * Added support for the property for include targets + * Used generic Graph API URL from MSCloudLoginConnectionProfile. + * AADApplication + * Ignore Permissions in tests if not passed. Preventing null comparison errors. + * AADAttributeSet + * Removed the ability to specify a value of Absent for the Ensure property. * AADConditionalAccessPolicy - * Added support for application filters in the conditions. - * Implement Fix #3885. Manage Exclude Application. - FIXES [[#3885](https://github.com/microsoft/Microsoft365DSC/issues/3885)] - * AADGroupOwnerConsentSettings - * Initial release - Implements [#4112](https://github.com/microsoft/Microsoft365DSC/issues/4112) - * EXOHostedContentFilterPolicy - * Fix issue on parameters AllowedSenders, AllowedSenderDomains, BlockedSenders, - BlockSenderDomains if desired state is empty but current state is not empty. - FIXES[#4124](https://github.com/microsoft/Microsoft365DSC/issues/4124) - * EXOMailContact - * Added support for Custom Attributes and Extension Custom Attributes. + * Fixes an error where the ApplicationEnforcedRestrictionsIsEnabled parameter + was always set to false in scenarios where it should have been null. + * AADAuthenticationMethodPolicy + * Removed the ability to specify a value of Absent for the Ensure property. + * AADAuthenticationMethodPolicyX509 + * Fix the way we returned an empty rule set from the Get method. This caused + the Test-TargetResource method to return true even when instances matched. + * AADRoleSetting + * Removed the ability to specify a value of Absent for the Ensure property. + * EXOAntiPhishPolicy + * Add support for HonorDmarcPolicy parameter + FIXES [[#4138](https://github.com/microsoft/Microsoft365DSC/issues/4138)] * IntuneDeviceConfigurationPolicyMacOS - * Fix workaround added on PR #4099 in order to be able to use this resource - for deployments - FIXES [#4105](https://github.com/microsoft/Microsoft365DSC/issues/4105) - * SCDLPComplianceRule - * Fix type of AccessScope - FIXES [#3463](https://github.com/microsoft/Microsoft365DSC/issues/3463) - * TeamsTenantDialPlan - * FIXES [#3767](https://github.com/microsoft/Microsoft365DSC/issues/3767)' + * Fix CIM instances comparison in Test-TargetResource and export + CompliantAppsList with the correct type + FIXES [#4144](https://github.com/microsoft/Microsoft365DSC/issues/4144) + * DEPENDENCIES + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. + * Updated MSCloudLoginAssistant to version 1.1.6.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false