microsoft · NikCharlebois · Oct 13, 2023 · Oct 13, 2023
@@ -5,6 +5,8 @@
 * AADAuthenticationMethodPolicyAuthenticator
   * Fixes an issue with the Get method when an assigned group
     was deleted.
+* AADConditionalAccessPolicy
+  * Added support for the SigninFrequencyInterval parameter.
 
 # 1.23.1011.1
 

@@ -159,6 +159,11 @@ function Get-TargetResource
         [System.Boolean]
         $SignInFrequencyIsEnabled,
 
+        [Parameter()]
+        [ValidateSet('timeBased', 'everyTime', 'unknownFutureValue')]
+        [System.String]
+        $SignInFrequencyInterval,
+
         [Parameter()]
         [ValidateSet('Always', 'Never', '')]
         [System.String]
@@ -525,10 +530,12 @@ function Get-TargetResource
         if ($Policy.SessionControls.SignInFrequency.IsEnabled)
         {
             $SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type
+            $SignInFrequencyIntervalValue = [System.String]$Policy.SessionControls.SignInFrequency.FrequencyInterval
         }
         else
         {
             $SignInFrequencyType = $null
+            $SignInFrequencyIntervalValue = $null
         }
         if ($Policy.SessionControls.PersistentBrowser.IsEnabled)
         {
@@ -626,6 +633,7 @@ function Get-TargetResource
             SignInFrequencyValue                     = $Policy.SessionControls.SignInFrequency.Value
             #no translation or conversion needed, $null returned if undefined
             SignInFrequencyType                      = [System.String]$Policy.SessionControls.SignInFrequency.Type
+            SignInFrequencyInterval                  = $SignInFrequencyIntervalValue
             #no translation needed
             PersistentBrowserIsEnabled               = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled
             #make false if undefined, true if true
@@ -807,6 +815,11 @@ function Set-TargetResource
         [System.Boolean]
         $SignInFrequencyIsEnabled,
 
+        [Parameter()]
+        [ValidateSet('timeBased', 'everyTime', 'unknownFutureValue')]
+        [System.String]
+        $SignInFrequencyInterval,
+
         [Parameter()]
         [ValidateSet('Always', 'Never', '')]
         [System.String]
@@ -1421,16 +1434,32 @@ function Set-TargetResource
             if ($SignInFrequencyIsEnabled)
             {
                 $SigninFrequencyProp = @{
-                    IsEnabled = $true
-                    Type      = $null
-                    Value     = $null
+                    isEnabled         = $true
+                    type              = $null
+                    value             = $null
+                    frequencyInterval = $null
                 }
 
                 $sessioncontrols.Add('SignInFrequency', $SigninFrequencyProp)
                 #create and provision SignInFrequency object if used
-                $sessioncontrols.SignInFrequency.IsEnabled = $true
-                $sessioncontrols.SignInFrequency.Type = $SignInFrequencyType
-                $sessioncontrols.SignInFrequency.Value = $SignInFrequencyValue
+                $sessioncontrols.SignInFrequency.isEnabled = $true
+                if ($SignInFrequencyType -ne '')
+                {
+                    $sessioncontrols.SignInFrequency.type = $SignInFrequencyType
+                }
+                else
+                {
+                    $sessioncontrols.SignInFrequency.Remove("type") | Out-Null
+                }
+                if ($SignInFrequencyValue -gt 0)
+                {
+                    $sessioncontrols.SignInFrequency.value = $SignInFrequencyValue
+                }
+                else
+                {
+                    $sessioncontrols.SignInFrequency.Remove("value") | Out-Null
+                }
+                $sessioncontrols.SignInFrequency.frequencyInterval = $SignInFrequencyInterval
             }
             if ($PersistentBrowserIsEnabled)
             {
@@ -1670,6 +1699,11 @@ function Test-TargetResource
         [System.Boolean]
         $SignInFrequencyIsEnabled,
 
+        [Parameter()]
+        [ValidateSet('timeBased', 'everyTime', 'unknownFutureValue')]
+        [System.String]
+        $SignInFrequencyInterval,
+
         [Parameter()]
         [ValidateSet('Always', 'Never', '')]
         [System.String]

@@ -23,7 +23,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Client Device Platforms out of scope of the Policy.")] String ExcludePlatforms[];
     [Write, Description("AAD Named Locations in scope of the Policy.")] String IncludeLocations[];
     [Write, Description("AAD Named Locations out of scope of the Policy.")] String ExcludeLocations[];
-    [Write, Description("Client Device Filter mode of the Policy."), ValueMap{"include","exclude"}, Values{"include","exclude"}]  String DeviceFilterMode;
+    [Write, Description("Client Device Filter mode of the Policy."), ValueMap{"include","exclude"}, Values{"include","exclude"}] String DeviceFilterMode;
     [Write, Description("Client Device Filter rule of the Policy.")] String DeviceFilterRule;
     [Write, Description("AAD Identity Protection User Risk Levels in scope of the Policy.")] String UserRiskLevels[];
     [Write, Description("AAD Identity Protection Sign-in Risk Levels in scope of the Policy.")] String SignInRiskLevels[];
@@ -38,6 +38,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Custom Controls assigned to the grant property of this policy.")] String CustomAuthenticationFactors[];
     [Write, Description("Sign in frequency unit (days/hours) to be interpreted by the policy."), ValueMap{"Days","Hours",""}, Values{"Days","Hours",""}] String SignInFrequencyType;
     [Write, Description("Specifies, whether sign-in frequency is enforced by the Policy.")] Boolean SignInFrequencyIsEnabled;
+    [Write, Description("Sign in frequency interval. Possible values are: timeBased, everyTime and unknownFutureValue."), ValueMap{"timeBased","everyTime","unknownFutureValue"}, Values{"timeBased","everyTime","unknownFutureValue"}]  String SignInFrequencyInterval;
     [Write, Description("Specifies, whether Browser Persistence is controlled by the Policy.")] Boolean PersistentBrowserIsEnabled;
     [Write, Description("Specifies, what Browser Persistence control is enforced by the Policy."), ValueMap{"Always","Never",""}, Values{"Always","Never",""}] String PersistentBrowserMode;
     [Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength;