Migrate Intune EDR resource to Settings Catalog cmdlets

FabienTschanz · Oct 4, 2024 · 6313ade · 6313ade
1 parent 41ef158
commit 6313ade
Show file tree

Hide file tree

Showing 7 changed files with 319 additions and 845 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,8 @@
 * M365DSCDRGUtil
   * Fixes an issue for the handling of skipped one-property elements in the
     Settings Catalog. FIXES [#5086](https://github.com/microsoft/Microsoft365DSC/issues/5086)
+  * Add Set support for secret Settings Catalog values
+  * Removed unused functions
 
 # 1.24.1002.1
 

diff --git a/...ionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 b/...ionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1
diff --git a/...ResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.schema.mof b/...ResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.schema.mof
@@ -14,6 +14,7 @@ class MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10 : OMI_BaseResource
 {
     [Write, Description("Identity of the endpoint detection and response policy for Windows 10.")] String Identity;
     [Key, Description("Display name of the endpoint detection and response policy for Windows 10.")] String DisplayName;
+    [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[];
     [Write, Description("Description of the endpoint detection and response policy for Windows 10.")] String Description;
     [Write, Description("Assignments of the endpoint detection and response policy for Windows 10."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];
     [Write, Description("Return or set Windows Defender Advanced Threat Protection Sample Sharing configuration parameter: 0 - none, 1 - All"), ValueMap{"0", "1"}, Values{"0", "1"}] String SampleSharing;

diff --git a/...t365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/1-Create.ps1 b/...t365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/1-Create.ps1
@@ -31,6 +31,9 @@ Configuration Example
             ApplicationId         = $ApplicationId;
             TenantId              = $TenantId;
             CertificateThumbprint = $CertificateThumbprint;
+            ConfigurationBlob = "Blob"
+            ConfigurationType = "onboard"
+            SampleSharing = 1
         }
     }
 }
diff --git a/...t365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/2-Update.ps1 b/...t365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/2-Update.ps1
@@ -31,6 +31,9 @@ Configuration Example
             ApplicationId         = $ApplicationId;
             TenantId              = $TenantId;
             CertificateThumbprint = $CertificateThumbprint;
+            ConfigurationBlob = "Blob"
+            ConfigurationType = "onboard"
+            SampleSharing = 1
         }
     }
 }
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1
@@ -501,7 +501,6 @@ function Get-M365DSCDRGSimpleObjectTypeToString
         [Parameter()]
         [System.String]
         $Space = '                '
-
     )
 
     $returnValue = ''
@@ -837,250 +836,6 @@ function Convert-M365DSCDRGComplexTypeToHashtable
     return [hashtable]$results
 }
 
-function Get-SettingCatalogSettingValue
-{
-    [CmdletBinding()]
-    [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])]
-    param (
-        [Parameter()]
-        $SettingValue,
-        [Parameter()]
-        $SettingValueType
-
-    )
-
-    switch -Wildcard ($SettingValueType)
-    {
-        '*ChoiceSettingInstance'
-        {
-            $complexValue = @{}
-            $complexValue.Add('odataType',$SettingValue.'@odata.type')
-            $complexValue.Add('Value',$SettingValue.value)
-            $children = @()
-            foreach($child in $SettingValue.children)
-            {
-                $complexChild = @{}
-                $complexChild.Add('SettingDefinitionId', $child.settingDefinitionId)
-                $complexChild.Add('odataType', $child.'@odata.type')
-                $valueName = $child.'@odata.type'.replace('#microsoft.graph.deviceManagementConfiguration', '').replace('Instance', 'Value')
-                $valueName = Get-StringFirstCharacterToLower -Value $valueName
-                $rawValue = $child.$valueName
-                $childSettingValue = Get-SettingCatalogSettingValue -SettingValue $rawValue -SettingValueType $child.'@odata.type'
-                $complexChild.Add($valueName,$childSettingValue)
-                $children += $complexChild
-            }
-            $complexValue.Add('Children',$children)
-        }
-        '*ChoiceSettingCollectionInstance'
-        {
-            $complexCollection = @()
-            foreach($item in $SettingValue)
-            {
-                $complexValue = @{}
-                $complexValue.Add('Value',$item.value)
-                $children = @()
-                foreach($child in $item.children)
-                {
-                    $complexChild = @{}
-                    $complexChild.Add('SettingDefinitionId', $child.settingDefinitionId)
-                    $complexChild.Add('odataType', $child.'@odata.type')
-                    $valueName = $child.'@odata.type'.replace('#microsoft.graph.deviceManagementConfiguration', '').replace('Instance', 'Value')
-                    $valueName = Get-StringFirstCharacterToLower -Value $valueName
-                    $rawValue = $child.$valueName
-                    $childSettingValue = Get-SettingCatalogSettingValue -SettingValue $rawValue  -SettingValueType $child.'@odata.type'
-                    $complexChild.Add($valueName,$childSettingValue)
-                    $children += $complexChild
-                }
-                $complexValue.Add('Children',$children)
-                $complexCollection += $complexValue
-            }
-            return ,([hashtable[]]$complexCollection)
-        }
-        '*SimpleSettingInstance'
-        {
-            $complexValue = @{}
-            $complexValue.Add('odataType',$SettingValue.'@odata.type')
-            $valueName = 'IntValue'
-            $value = $SettingValue.value
-            if($SettingValue.'@odata.type' -ne '#microsoft.graph.deviceManagementConfigurationIntegerSettingValue')
-            {
-                $valueName = 'StringValue'
-            }
-            $complexValue.Add($valueName,$value)
-            if($SettingValue.'@odata.type' -eq '#microsoft.graph.deviceManagementConfigurationSecretSettingValue')
-            {
-                $complexValue.Add('ValueState',$SettingValue.valueState)
-            }
-        }
-        '*SimpleSettingCollectionInstance'
-        {
-            $complexCollection = @()
-
-            foreach($item in $SettingValue)
-            {
-                $complexValue = @{}
-                $complexValue.Add('odataType',$item.'@odata.type')
-                $valueName = 'IntValue'
-                $value = $item.value
-                if($item.'@odata.type' -ne '#microsoft.graph.deviceManagementConfigurationIntegerSettingValue')
-                {
-                    $valueName = 'StringValue'
-                }
-                $complexValue.Add($valueName,$value)
-                if($item.'@odata.type' -eq '#microsoft.graph.deviceManagementConfigurationSecretSettingValue')
-                {
-                    $complexValue.Add('ValueState',$item.valueState)
-                }
-                $complexCollection += $complexValue
-            }
-            return ,([hashtable[]]$complexCollection)
-        }
-        '*GroupSettingInstance'
-        {
-            $complexValue = @{}
-            $complexValue.Add('odataType',$SettingValue.'@odata.type')
-            $children = @()
-            foreach($child in $SettingValue.children)
-            {
-                $complexChild = @{}
-                $complexChild.Add('SettingDefinitionId', $child.settingDefinitionId)
-                $complexChild.Add('odataType', $child.'@odata.type')
-                $valueName = $child.'@odata.type'.replace('#microsoft.graph.deviceManagementConfiguration', '').replace('Instance', 'Value')
-                $valueName = Get-StringFirstCharacterToLower -Value $valueName
-                $rawValue = $child.$valueName
-                $settingValue = Get-SettingCatalogSettingValue -SettingValue $rawValue  -SettingValueType $child.'@odata.type'
-                $complexChild.Add($valueName,$settingValue)
-                $children += $complexChild
-            }
-            $complexValue.Add('Children',$children)
-        }
-        '*GroupSettingCollectionInstance'
-        {
-            $complexCollection = @()
-            foreach($groupSettingValue in $SettingValue)
-            {
-                $complexValue = @{}
-                #$complexValue.Add('odataType',$SettingValue.'@odata.type')
-                $children = @()
-                foreach($child in $groupSettingValue.children)
-                {
-                    $complexChild = @{}
-                    $complexChild.Add('SettingDefinitionId', $child.settingDefinitionId)
-                    $complexChild.Add('odataType', $child.'@odata.type')
-                    $valueName = $child.'@odata.type'.replace('#microsoft.graph.deviceManagementConfiguration', '').replace('Instance', 'Value')
-                    $valueName = Get-StringFirstCharacterToLower -Value $valueName
-                    $rawValue = $child.$valueName
-                    $settingValue = Get-SettingCatalogSettingValue -SettingValue $rawValue  -SettingValueType $child.'@odata.type'
-                    $complexChild.Add($valueName,$settingValue)
-                    $children += $complexChild
-                }
-                $complexValue.Add('Children',$children)
-                $complexCollection += $complexValue
-            }
-            return ,([hashtable[]]$complexCollection)
-        }
-    }
-    return $complexValue
-}
-
-function Get-SettingCatalogPolicySettingsFromTemplate
-{
-    [CmdletBinding()]
-    [OutputType([System.Array])]
-    param
-    (
-        [Parameter(Mandatory = $true)]
-        [System.Collections.Hashtable]
-        $DSCParams,
-
-        [Parameter(Mandatory = $true)]
-        [System.String]
-        $templateReferenceId
-    )
-
-    $DSCParams.Remove('Identity') | Out-Null
-    $DSCParams.Remove('DisplayName') | Out-Null
-    $DSCParams.Remove('Description') | Out-Null
-
-    $settings = @()
-
-    $templateSettings = Get-MgDeviceManagementConfigurationPolicyTemplateSettingTemplate -DeviceManagementConfigurationPolicyTemplateId $templateReferenceId
-
-    $simpleSettings = @()
-    $simpleSettings += $templateSettings.SettingInstanceTemplate | Where-Object -FilterScript `
-    { $_.AdditionalProperties.'@odata.type' -ne '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstanceTemplate' }
-    foreach ($templateSetting in $simpleSettings)
-    {
-        $setting = @{}
-        $settingKey = $DSCParams.keys | Where-Object -FilterScript { $templateSetting.settingDefinitionId -like "*$($_)" }
-        if ((-not [String]::IsNullOrEmpty($settingKey)) -and $DSCParams."$settingKey")
-        {
-            $setting.Add('@odata.type', '#microsoft.graph.deviceManagementConfigurationSetting')
-            $myFormattedSetting = Format-M365DSCParamsToSettingInstance -DSCParams @{$settingKey = $DSCParams."$settingKey" } `
-                -TemplateSetting $templateSetting
-
-            $setting.Add('settingInstance', $myFormattedSetting)
-            $settings += $setting
-            $DSCParams.Remove($settingKey) | Out-Null
-        }
-    }
-
-    #Prepare attacksurfacereductionrules groupCollectionTemplateSettings
-    $groupCollectionTemplateSettings = @()
-    $groupCollectionTemplateSettings += $templateSettings.SettingInstanceTemplate | Where-Object -FilterScript `
-    { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstanceTemplate' }
-
-    foreach ($groupCollectionTemplateSetting in $groupCollectionTemplateSettings)
-    {
-        $setting = @{}
-        $setting.Add('@odata.type', '#microsoft.graph.deviceManagementConfigurationSetting')
-        $settingInstance = [ordered]@{}
-        $settingInstance.Add('@odata.type', '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance')
-        $settingInstance.Add('settingDefinitionId', $groupCollectionTemplateSetting.settingDefinitionId)
-        $settingInstance.Add('settingInstanceTemplateReference', @{
-                '@odata.type'               = '#microsoft.graph.deviceManagementConfigurationSettingInstanceTemplateReference'
-                'settingInstanceTemplateId' = $groupCollectionTemplateSetting.settingInstanceTemplateId
-            })
-        $groupSettingCollectionValues = @()
-        $groupSettingCollectionValueChildren = @()
-        $groupSettingCollectionValue = @{}
-        $groupSettingCollectionValue.Add('@odata.type', '#microsoft.graph.deviceManagementConfigurationGroupSettingValue')
-
-        $settingValueTemplateId = $groupCollectionTemplateSetting.AdditionalProperties.groupSettingCollectionValueTemplate.settingValueTemplateId
-        if (-Not [string]::IsNullOrEmpty($settingValueTemplateId))
-        {
-            $groupSettingCollectionValue.Add('settingValueTemplateReference', @{'settingValueTemplateId' = $SettingValueTemplateId })
-        }
-
-        foreach ($key in $DSCParams.keys)
-        {
-            $templateValue = $groupCollectionTemplateSetting.AdditionalProperties.groupSettingCollectionValueTemplate.children | Where-Object `
-                -FilterScript { $_.settingDefinitionId -like "*$key" }
-            if ($templateValue)
-            {
-                $groupSettingCollectionValueChild = Format-M365DSCParamsToSettingInstance `
-                    -DSCParams @{$key = $DSCParams."$key" } `
-                    -TemplateSetting $templateValue `
-                    -IncludeSettingValueTemplateId $false `
-                    -IncludeSettingInstanceTemplateId $false
-
-                $groupSettingCollectionValueChildren += $groupSettingCollectionValueChild
-            }
-        }
-        $groupSettingCollectionValue.Add('children', $groupSettingCollectionValueChildren)
-        $groupSettingCollectionValues += $groupSettingCollectionValue
-        $settingInstance.Add('groupSettingCollectionValue', $groupSettingCollectionValues)
-        $setting.Add('settingInstance', $settingInstance)
-
-        if ($setting.settingInstance.groupSettingCollectionValue.children.count -gt 0)
-        {
-            $settings += $setting
-        }
-    }
-
-    return $settings
-}
-
 function ConvertFrom-IntunePolicyAssignment
 {
     [CmdletBinding()]
@@ -1965,6 +1720,11 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue
             $settingValue = @{}
             if (-not [string]::IsNullOrEmpty($SettingValueType))
             {
+                if ($SettingDefinition.AdditionalProperties.valueDefinition.isSecret)
+                {
+                    $SettingValueType = "#microsoft.graph.deviceManagementConfigurationSecretSettingValue"
+                    $settingValue.Add('valueState', 'NotEncrypted')
+                }
                 $settingValue.Add('@odata.type', $SettingValueType)
             }
             if (-not [string]::IsNullOrEmpty($settingValueTemplateId))