Merge branch 'Dev' into fix/onboarding-blob

CHANGELOG.md

@@ -2,12 +2,19 @@
 
 # UNRELEASED
 
+* AADGroupSettings
+  * Added support for parameter NewUnifiedGroupWritebackDefault
 * SCAutoSensitivityLabelPolicy
   * Fix incorrect mandatory Credential parameter in Set and Test methods
     FIXES [#4283](https://github.com/microsoft/Microsoft365DSC/issues/4283)
+* IntuneDeviceConfigurationCustomPolicyWindows10
+  * Fixed an issue where the payload of xml files was not encoded as base64.
 * IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10
   * Fixed a creation and update issue when the exported policy contains a 
     onboarding blob and the tenant is connected to Defender for Endpoint Service.
+* M365DSCUtil
+  * Fixed an issue where one could not pass empty arrays to the 
+    `Compare-PSCustomObjectArrays` function.
 * DEPENDENCIES
   * Updated Microsoft.Graph to version 2.18.0.
   * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.182.
@@ -27,6 +34,10 @@
     onboarding blob is generated by the Defender for Endpoint service.
 * IntuneDeviceConfigurationPolicyMacOS
   * Fixed an issue where the update policy setting was not handled properly.
+* IntuneDeviceConfigurationWiredNetworkPolicyWindows10
+  * Added functionality for specifying the certificates with a display name since their
+    ids in the blueprint might be from a different source tenant.  
+    FIXES [#4582](https://github.com/microsoft/Microsoft365DSC/issues/4582)
 * MISC
   * Added support for AccessTokens in EXO resources.
   * Updated MSCloudLoginAssistant dependencies to version 1.1.16.

Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1

@@ -41,6 +41,10 @@ function Get-TargetResource
         [System.String]
         $UsageGuidelinesUrl,
 
+        [Parameter()]
+        [System.Boolean]
+        $NewUnifiedGroupWritebackDefault,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
@@ -123,24 +127,26 @@ function Get-TargetResource
             $valueGuestUsageGuidelinesUrl = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'GuestUsageGuidelinesUrl' }
             $valueAllowToAddGuests = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'AllowToAddGuests' }
             $valueUsageGuidelinesUrl = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'UsageGuidelinesUrl' }
+            $valueNewUnifiedGroupWritebackDefault = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'NewUnifiedGroupWritebackDefault' }
 
             $result = @{
-                IsSingleInstance          = 'Yes'
-                EnableGroupCreation       = [Boolean]::Parse($valueEnableGroupCreation.Value)
-                EnableMIPLabels           = [Boolean]::Parse($valueEnableMIPLabels.Value)
-                AllowGuestsToBeGroupOwner = [Boolean]::Parse($valueAllowGuestsToBeGroupOwner.Value)
-                AllowGuestsToAccessGroups = [Boolean]::Parse($valueAllowGuestsToAccessGroups.Value)
-                GuestUsageGuidelinesUrl   = $valueGuestUsageGuidelinesUrl.Value
-                AllowToAddGuests          = [Boolean]::Parse($valueAllowToAddGuests.Value)
-                UsageGuidelinesUrl        = $valueUsageGuidelinesUrl.Value
-                Ensure                    = 'Present'
-                ApplicationId             = $ApplicationId
-                TenantId                  = $TenantId
-                ApplicationSecret         = $ApplicationSecret
-                CertificateThumbprint     = $CertificateThumbprint
-                Credential                = $Credential
-                Managedidentity           = $ManagedIdentity.IsPresent
-                AccessTokens              = $AccessTokens
+                IsSingleInstance                = 'Yes'
+                EnableGroupCreation             = [Boolean]::Parse($valueEnableGroupCreation.Value)
+                EnableMIPLabels                 = [Boolean]::Parse($valueEnableMIPLabels.Value)
+                AllowGuestsToBeGroupOwner       = [Boolean]::Parse($valueAllowGuestsToBeGroupOwner.Value)
+                AllowGuestsToAccessGroups       = [Boolean]::Parse($valueAllowGuestsToAccessGroups.Value)
+                GuestUsageGuidelinesUrl         = $valueGuestUsageGuidelinesUrl.Value
+                AllowToAddGuests                = [Boolean]::Parse($valueAllowToAddGuests.Value)
+                UsageGuidelinesUrl              = $valueUsageGuidelinesUrl.Value
+                NewUnifiedGroupWritebackDefault = [Boolean]::Parse($valueNewUnifiedGroupWritebackDefault.Value)
+                Ensure                          = 'Present'
+                ApplicationId                   = $ApplicationId
+                TenantId                        = $TenantId
+                ApplicationSecret               = $ApplicationSecret
+                CertificateThumbprint           = $CertificateThumbprint
+                Credential                      = $Credential
+                Managedidentity                 = $ManagedIdentity.IsPresent
+                AccessTokens                    = $AccessTokens
             }
 
             if (-not [System.String]::IsNullOrEmpty($AllowedGroupName))
@@ -206,6 +212,10 @@ function Set-TargetResource
         [System.String]
         $UsageGuidelinesUrl,
 
+        [Parameter()]
+        [System.Boolean]
+        $NewUnifiedGroupWritebackDefault,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
@@ -321,6 +331,11 @@ function Set-TargetResource
                 $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'UsageGuidelinesUrl' }
                 $entry.Value = $UsageGuidelinesUrl
             }
+            elseif ($property.Name -eq 'NewUnifiedGroupWritebackDefault')
+            {
+                $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'NewUnifiedGroupWritebackDefault' }
+                $entry.Value = [System.Boolean]$NewUnifiedGroupWritebackDefault
+            }
             $index++
         }
 
@@ -377,6 +392,10 @@ function Test-TargetResource
         [System.String]
         $UsageGuidelinesUrl,
 
+        [Parameter()]
+        [System.Boolean]
+        $NewUnifiedGroupWritebackDefault,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]

Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.schema.mof

@@ -10,6 +10,7 @@ class MSFT_AADGroupsSettings : OMI_BaseResource
     [Write, Description("Name of the security group for which the members are allowed to create Office 365 groups even when EnableGroupCreation == false.")] String GroupCreationAllowedGroupName;
     [Write, Description("A boolean indicating whether or not is allowed to add guests to this directory.")] Boolean AllowToAddGuests;
     [Write, Description("A link to the Group Usage Guidelines.")] String UsageGuidelinesUrl;
+    [Write, Description("Boolean, a tenant-wide setting that assigns the default value to the writebackConfiguration/isEnabled property of new groups, if the property isn't specified during group creation. This setting is applicable when group writeback is configured in Microsoft Entra Connect.")] Boolean NewUnifiedGroupWritebackDefault;
     [Write, Description("Specify if the Azure AD Groups Naming Policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;

Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1

@@ -1081,7 +1081,7 @@ function Export-TargetResource
                 }
 
                 $Results = Get-TargetResource @Params
-                $Results.Password = "New-Object System.Management.Automation.PSCredential('Password', (ConvertTo-SecureString 'Pass@word!11' -AsPlainText -Force));"
+                $Results.Password = "New-Object System.Management.Automation.PSCredential('Password', (ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force));"
                 if ($null -ne $Results.UserPrincipalName)
                 {
                     $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `

Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedConnectionFilterPolicy/MSFT_EXOHostedConnectionFilterPolicy.psm1

@@ -95,9 +95,6 @@ function Get-TargetResource
     $nullReturn.Ensure = 'Absent'
     try
     {
-        Write-Verbose -Message 'Global ExchangeOnlineSession status:'
-        Write-Verbose -Message "$( Get-PSSession -ErrorAction SilentlyContinue | Where-Object -FilterScript { $_.Name -eq 'ExchangeOnline' } | Out-String)"
-
         try
         {
             $HostedConnectionFilterPolicy = Get-HostedConnectionFilterPolicy -Identity $Identity -ErrorAction Stop

Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeAttachmentRule/MSFT_EXOSafeAttachmentRule.psm1

@@ -116,9 +116,6 @@ function Get-TargetResource
 
     try
     {
-        Write-Verbose -Message 'Global ExchangeOnlineSession status:'
-        Write-Verbose -Message "$( Get-PSSession -ErrorAction SilentlyContinue | Where-Object -FilterScript { $_.Name -eq 'ExchangeOnline' } | Out-String)"
-
         try
         {
             $SafeAttachmentRules = Get-SafeAttachmentRule -ErrorAction Stop

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1

@@ -152,7 +152,11 @@ function Get-TargetResource
 
         [Parameter()]
         [Switch]
-        $ManagedIdentity
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     Write-Verbose -Message "Checking for the Intune Endpoint Protection Attack Surface Protection rules Policy {$DisplayName}"
@@ -230,6 +234,7 @@ function Get-TargetResource
         $returnHashtable.Add('ApplicationSecret', $ApplicationSecret)
         $returnHashtable.Add('CertificateThumbprint', $CertificateThumbprint)
         $returnHashtable.Add('ManagedIdentity', $ManagedIdentity.IsPresent)
+        $returnHashtable.Add('AccessTokens', $AccessTokens)
 
         $returnAssignments = @()
         $graphAssignments = Get-MgBetaDeviceManagementIntentAssignment -DeviceManagementIntentId $policy.Id
@@ -418,7 +423,11 @@ function Set-TargetResource
 
         [Parameter()]
         [Switch]
-        $ManagedIdentity
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
@@ -444,6 +453,7 @@ function Set-TargetResource
     $PSBoundParameters.Remove('ApplicationSecret') | Out-Null
     $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null
     $PSBoundParameters.Remove('ManagedIdentity') | Out-Null
+    $PSBoundParameters.Remove('AccessTokens') | Out-Null
 
     $IncorrectParameters = @{
         BlockPersistenceThroughWmiType                  = @("userDefined", "warn")
@@ -722,7 +732,11 @@ function Test-TargetResource
 
         [Parameter()]
         [Switch]
-        $ManagedIdentity
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
     #Ensure the proper dependencies are installed in the current environment.
     Confirm-M365DSCDependencies
@@ -748,10 +762,6 @@ function Test-TargetResource
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"
 
     $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()
-    $ValuesToCheck.Remove('Credential') | Out-Null
-    $ValuesToCheck.Remove('ApplicationId') | Out-Null
-    $ValuesToCheck.Remove('TenantId') | Out-Null
-    $ValuesToCheck.Remove('ApplicationSecret') | Out-Null
     $ValuesToCheck.Remove('Identity') | Out-Null
 
     $testResult = $true
@@ -813,7 +823,11 @@ function Export-TargetResource
 
         [Parameter()]
         [Switch]
-        $ManagedIdentity
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
@@ -862,6 +876,7 @@ function Export-TargetResource
                 ApplicationSecret     = $ApplicationSecret
                 CertificateThumbprint = $CertificateThumbprint
                 Managedidentity       = $ManagedIdentity.IsPresent
+                AccessTokens          = $AccessTokens
             }
 
             $Results = Get-TargetResource @params

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1

@@ -103,7 +103,11 @@ function Get-TargetResource
 
         [Parameter()]
         [Switch]
-        $ManagedIdentity
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     Write-Verbose -Message "Checking for the Intune Account Protection LAPS Policy {$DisplayName}"
@@ -249,6 +253,7 @@ function Get-TargetResource
         $returnHashtable.Add('ApplicationSecret', $ApplicationSecret)
         $returnHashtable.Add('CertificateThumbprint', $CertificateThumbprint)
         $returnHashtable.Add('ManagedIdentity', $ManagedIdentity.IsPresent)
+        $returnHashtable.Add('AccessTokens', $AccessTokens)
 
         return $returnHashtable
     }
@@ -369,7 +374,11 @@ function Set-TargetResource
 
         [Parameter()]
         [Switch]
-        $ManagedIdentity
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     #Ensure the proper dependencies are installed in the current environment.
@@ -392,6 +401,7 @@ function Set-TargetResource
     $PSBoundParameters.Remove('ApplicationSecret') | Out-Null
     $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null
     $PSBoundParameters.Remove('ManagedIdentity') | Out-Null
+    $PSBoundParameters.Remove('AccessTokens') | Out-Null
 
     $templateReferenceId = 'adc46e5a-f4aa-4ff6-aeff-4f27bc525796_1'
     $platforms = 'windows10'
@@ -557,7 +567,11 @@ function Test-TargetResource
 
         [Parameter()]
         [Switch]
-        $ManagedIdentity
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     #Ensure the proper dependencies are installed in the current environment.
@@ -584,10 +598,6 @@ function Test-TargetResource
 
     $ValuesToCheck = ([hashtable]$PSBoundParameters).clone()
     $ValuesToCheck.Remove('Identity') | Out-Null
-    $ValuesToCheck.Remove('Credential') | Out-Null
-    $ValuesToCheck.Remove('ApplicationId') | Out-Null
-    $ValuesToCheck.Remove('TenantId') | Out-Null
-    $ValuesToCheck.Remove('ApplicationSecret') | Out-Null
 
     $testResult = $true
     if ($CurrentValues.Ensure -ne $Ensure)
@@ -647,7 +657,11 @@ function Export-TargetResource
 
         [Parameter()]
         [Switch]
-        $ManagedIdentity
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
@@ -698,6 +712,7 @@ function Export-TargetResource
                 ApplicationSecret     = $ApplicationSecret
                 CertificateThumbprint = $CertificateThumbprint
                 Managedidentity       = $ManagedIdentity.IsPresent
+                AccessTokens          = $AccessTokens
             }
 
             $Results = Get-TargetResource @params

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.schema.mof

@@ -35,4 +35,5 @@ class MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy : OMI
     [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
     [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
     [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+    [Write, Description("Access token used for authentication.")] String AccessTokens[];
 };