microsoft · desmay · May 26, 2021 · May 12, 2021 · May 19, 2021 · May 19, 2021
@@ -285,7 +285,15 @@ function Set-TargetResource
     {
         $MalwareFilterRuleParams.Remove('Enabled') | Out-Null
         Write-Verbose -Message "Setting MalwareFilterRule $($Identity) with values: $(Convert-M365DscHashtableToString -Hashtable $MalwareFilterRuleParams)"
-        Set-MalwareFilterRule @MalwareFilterRuleParams -Confirm:$false
+        if ($MalwareFilterRuleParams.MalwareFilterPolicy -ne $MalwareFilterRule.MalwareFilterPolicy)
+        {
+            Set-MalwareFilterRule @MalwareFilterRuleParams -Confirm:$false
+        }
+        else
+        {
+            $MalwareFilterRuleParams.Remove('MalwareFilterPolicy')
+            Set-MalwareFilterRule @MalwareFilterRuleParams -Confirm:$false
+        } 
     }
     elseif (('Absent' -eq $Ensure ) -and ($null -ne $MalwareFilterRule))
     {

@@ -283,31 +283,46 @@ function Set-TargetResource
         -InboundParameters $PSBoundParameters
 
     $SafeAttachmentRules = Get-SafeAttachmentRule
-
     $SafeAttachmentRule = $SafeAttachmentRules | Where-Object -FilterScript { $_.Identity -eq $Identity }
+    $SafeAttachmentRuleParams = [System.Collections.Hashtable]($PSBoundParameters)
+    $SafeAttachmentRuleParams.Remove('Ensure') | Out-Null
+    $SafeAttachmentRuleParams.Remove('GlobalAdminAccount') | Out-Null
+    $SafeAttachmentRuleParams.Remove('ApplicationId') | Out-Null
+    $SafeAttachmentRuleParams.Remove('TenantId') | Out-Null
+    $SafeAttachmentRuleParams.Remove('CertificateThumbprint') | Out-Null
+    $SafeAttachmentRuleParams.Remove('CertificatePath') | Out-Null
+    $SafeAttachmentRuleParams.Remove('CertificatePassword') | Out-Null 
 
     if (('Present' -eq $Ensure ) -and (-not $SafeAttachmentRule))
     {
         New-EXOSafeAttachmentRule -SafeAttachmentRuleParams $PSBoundParameters
     }
 
-    if (('Present' -eq $Ensure ) -and ($SafeAttachmentRule))
+    elseif (('Present' -eq $Ensure ) -and ($SafeAttachmentRule))
     {
-        if ($PSBoundParameters.Enabled -and ('Disabled' -eq $SafeAttachmentRule.State))
+         if ($SafeAttachmentRuleParams.Enabled -and ('Disabled' -eq $SafeAttachmentRule.State))
         {
             # New-SafeAttachmentRule has the Enabled parameter, Set-SafeAttachmentRule does not.
             # There doesn't appear to be any way to change the Enabled state of a rule once created.
             Write-Verbose -Message "Removing SafeAttachmentRule $($Identity) in order to change Enabled state."
             Remove-SafeAttachmentRule -Identity $Identity -Confirm:$false
-            New-EXOSafeAttachmentRule -SafeAttachmentRuleParams $PSBoundParameters
+            New-EXOSafeAttachmentRule -SafeAttachmentRuleParams $SafeAttachmentRuleParams
         }
         else
         {
-            Set-EXOSafeAttachmentRule -SafeAttachmentRuleParams $PSBoundParameters
-        }
+            if ($SafeAttachmentRuleParams.SafeAttachmentPolicy -ne $SafeAttachmentRule.SafeAttachmentPolicy)
+            {
+                Set-EXOSafeAttachmentRule -SafeAttachmentRuleParams $SafeAttachmentRuleParams
+            }
+            else
+            {
+                $SafeAttachmentRuleParams.Remove('SafeAttachmentPolicy')
+                Set-EXOSafeAttachmentRule -SafeAttachmentRuleParams $SafeAttachmentRuleParams
+            }
+        } 
     }
 
-    if (('Absent' -eq $Ensure ) -and ($SafeAttachmentRule))
+    elseif (('Absent' -eq $Ensure ) -and ($SafeAttachmentRule))
     {
         Write-Verbose -Message "Removing SafeAttachmentRule $($Identity)"
         Remove-SafeAttachmentRule -Identity $Identity -Confirm:$false

@@ -272,8 +272,16 @@ function Set-TargetResource
         -InboundParameters $PSBoundParameters
 
     $SafeLinksRules = Get-SafeLinksRule
-
     $SafeLinksRule = $SafeLinksRules | Where-Object -FilterScript { $_.Identity -eq $Identity }
+    $SafeLinksRuleParams = [System.Collections.Hashtable]($PSBoundParameters)
+    $SafeLinksRuleParams.Remove('Ensure') | Out-Null
+    $SafeLinksRuleParams.Remove('GlobalAdminAccount') | Out-Null
+    $SafeLinksRuleParams.Remove('ApplicationId') | Out-Null
+    $SafeLinksRuleParams.Remove('TenantId') | Out-Null
+    $SafeLinksRuleParams.Remove('CertificateThumbprint') | Out-Null
+    $SafeLinksRuleParams.Remove('CertificatePath') | Out-Null
+    $SafeLinksRuleParams.Remove('CertificatePassword') | Out-Null 
+
 
     if (('Present' -eq $Ensure ) -and (-not $SafeLinksRule))
     {
@@ -292,7 +300,15 @@ function Set-TargetResource
         }
         else
         {
-            Set-EXOSafeLinksRule -SafeLinksRuleParams $PSBoundParameters
+            if ($SafeLinksRuleParams.SafeLinksPolicy -ne $SafeLinksRule.SafeLinksPolicy)
+            {
+                Set-EXOSafeLinksRule -SafeLinksRuleParams $SafeLinksRuleParams
+            }
+            else
+            {
+                $SafeLinksRuleParams.Remove('SafeLinksPolicy')
+                Set-EXOSafeLinksRule -SafeLinksRuleParams $SafeLinksRuleParams
+            } 
         }
     }