From d46aea86f2484b5afa02962e8ad95d344c03f6d9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 24 Jan 2024 10:03:41 -0500 Subject: [PATCH 01/13] Fixes Integration --- CHANGELOG.md | 1 + Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- .../Resources/EXOApplicationAccessPolicy/1-Create.ps1 | 5 +++-- .../Resources/EXOApplicationAccessPolicy/2-Update.ps1 | 5 +++-- .../EXOAuthenticationPolicyAssignment/1-Create.ps1 | 4 ++-- .../EXOAuthenticationPolicyAssignment/2-Update.ps1 | 6 +++--- .../EXOAuthenticationPolicyAssignment/3-Remove.ps1 | 4 ++-- 7 files changed, 15 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cb00d07578..03ceb382f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -38,6 +38,7 @@ empty string instead of a null value from the Get method. * DEPENDENCIES * Updated Microsoft.Graph dependencies to version 2.12.0. + * Updated MicrosoftTeams dependencies to version 5.9.0. # 1.24.117.1 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 92ac5bc2ff..ed504505f0 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -82,7 +82,7 @@ }, @{ ModuleName = 'MicrosoftTeams' - RequiredVersion = '5.8.0' + RequiredVersion = '5.9.0' }, @{ ModuleName = "MSCloudLoginAssistant" diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/1-Create.ps1 index c88c0ab014..0bbf77f229 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/1-Create.ps1 @@ -13,14 +13,15 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { EXOApplicationAccessPolicy 'ConfigureApplicationAccessPolicy' { - Identity = "Global" + Identity = "Integration Policy" AccessRight = "DenyAccess" AppID = @("3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5", "6ac794ca-2697-4137-8754-d2a78ae47d93") - PolicyScopeGroupId = "Engineering Staff" + PolicyScopeGroupId = "IntegrationMailEnabled@$Domain" Description = "Engineering Group Policy" Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/2-Update.ps1 index 54b710aa43..1bc69f306a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/2-Update.ps1 @@ -13,14 +13,15 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { EXOApplicationAccessPolicy 'ConfigureApplicationAccessPolicy' { - Identity = "Global" + Identity = "Integration Policy" AccessRight = "DenyAccess" AppID = @("3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5", "6ac794ca-2697-4137-8754-d2a78ae47d93") - PolicyScopeGroupId = "Engineering Staff" + PolicyScopeGroupId = "IntegrationMailEnabled@$Domain" Description = "Engineering Group Policy Updated" # Updated Property Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/1-Create.ps1 index 1970482fa3..0fb2f2f613 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/1-Create.ps1 @@ -3,7 +3,7 @@ Configuration Example param( [Parameter(Mandatory = $true)] [PSCredential] - $EXOAdmin + $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC @@ -14,7 +14,7 @@ Configuration Example UserName = "AdeleV" AuthenticationPolicyName = "Block Basic Auth" Ensure = "Present" - Credential = $EXOAdmin + Credential = $Credscredential } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/2-Update.ps1 index fca14ac182..95191e3232 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/2-Update.ps1 @@ -3,7 +3,7 @@ Configuration Example param( [Parameter(Mandatory = $true)] [PSCredential] - $EXOAdmin + $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC @@ -12,9 +12,9 @@ Configuration Example EXOAuthenticationPolicyAssignment 'ConfigureAuthenticationPolicyAssignment' { UserName = "AdeleV" - AuthenticationPolicyName = "Test Policy" + AuthenticationPolicyName = "Test Policy" # Updaqted Property Ensure = "Present" - Credential = $EXOAdmin + Credential = $Credscredential } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/3-Remove.ps1 index aa739f5c3e..becf7194b5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/3-Remove.ps1 @@ -3,7 +3,7 @@ Configuration Example param( [Parameter(Mandatory = $true)] [PSCredential] - $EXOAdmin + $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC @@ -14,7 +14,7 @@ Configuration Example UserName = "AdeleV" AuthenticationPolicyName = "Test Policy" Ensure = "Absent" - Credential = $EXOAdmin + Credential = $Credscredential } } } From eb608fb2d6901135b59872e3ced78fabd1ee1e2a Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 24 Jan 2024 22:55:43 +0000 Subject: [PATCH 02/13] Add description to param in schema --- .../MSFT_TeamsMobilityPolicy.schema.mof | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof index 75a9ae245a..d55b284fda 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof @@ -5,7 +5,7 @@ class MSFT_TeamsMobilityPolicy : OMI_BaseResource [Write, Description("Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to.")] String Description; [Write, Description("When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks."), ValueMap{"WifiOnly","AllNetworks"}, Values{"WifiOnly","AllNetworks"}] String IPAudioMobileMode; [Write, Description("When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks."), ValueMap{"WifiOnly","AllNetworks"}, Values{"WifiOnly","AllNetworks"}] String IPVideoMobileMode; - [Write, Description("N/A")] String MobileDialerPreference; + [Write, Description("Determines the mobile dialer preference, possible values are: Teams, Native, UserOverride.")] String MobileDialerPreference; [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; From 080aac1ad3af91670b0f1fe9332de8a9d16b8c8b Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 24 Jan 2024 22:58:46 +0000 Subject: [PATCH 03/13] Validate string set on parameter --- CHANGELOG.md | 2 ++ .../MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 | 3 +++ .../MSFT_TeamsMobilityPolicy.schema.mof | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12c63de705..f1b95c8934 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -73,6 +73,8 @@ * TeamsMeetingBroadcastPolicy * Fix deletion of resource FIXES [#4231](https://github.com/microsoft/Microsoft365DSC/issues/4231) +* TeamsMobilityPolicy + * Validate string set on parameter MobileDialerPreference * DEPENDENCIES * Updated Microsoft.Graph dependencies to version 2.12.0. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 index 0a9f8ed210..30ff10393e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 @@ -24,6 +24,7 @@ function Get-TargetResource [Parameter()] [System.String] + [ValidateSet('Teams', 'Native', 'UserOverride')] $MobileDialerPreference, [Parameter()] @@ -125,6 +126,7 @@ function Set-TargetResource [Parameter()] [System.String] + [ValidateSet('Teams', 'Native', 'UserOverride')] $MobileDialerPreference, [Parameter()] @@ -246,6 +248,7 @@ function Test-TargetResource [Parameter()] [System.String] + [ValidateSet('Teams', 'Native', 'UserOverride')] $MobileDialerPreference, [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof index d55b284fda..30bf8f182c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.schema.mof @@ -5,7 +5,7 @@ class MSFT_TeamsMobilityPolicy : OMI_BaseResource [Write, Description("Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to.")] String Description; [Write, Description("When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks."), ValueMap{"WifiOnly","AllNetworks"}, Values{"WifiOnly","AllNetworks"}] String IPAudioMobileMode; [Write, Description("When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks."), ValueMap{"WifiOnly","AllNetworks"}, Values{"WifiOnly","AllNetworks"}] String IPVideoMobileMode; - [Write, Description("Determines the mobile dialer preference, possible values are: Teams, Native, UserOverride.")] String MobileDialerPreference; + [Write, Description("Determines the mobile dialer preference, possible values are: Teams, Native, UserOverride."), ValueMap{"Teams","Native","UserOverride"}, Values{"Teams","Native","UserOverride"}] String MobileDialerPreference; [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; From bc55ce25e1b89dd838f2a484ec766b49d8261a07 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 24 Jan 2024 23:03:06 +0000 Subject: [PATCH 04/13] Update tests --- ...icrosoft365DSC.TeamsMobilityPolicy.Tests.ps1 | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 index 95e0e9fc61..746f1aa46b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 @@ -16,6 +16,7 @@ Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` -DscResource 'TeamsMobilityPolicy' -GenericStubModule $GenericStubPath + Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope @@ -59,7 +60,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'The TeamsMobilityPolicy should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - MobileDialerPreference = 'FakeStringValue' + MobileDialerPreference = 'Teams' Description = 'FakeStringValue' IPVideoMobileMode = 'AllNetworks' IPAudioMobileMode = 'AllNetworks' @@ -90,7 +91,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'The TeamsMobilityPolicy exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - MobileDialerPreference = 'FakeStringValue' + MobileDialerPreference = 'Teams' Description = 'FakeStringValue' IPVideoMobileMode = 'AllNetworks' IPAudioMobileMode = 'AllNetworks' @@ -101,7 +102,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsMobilityPolicy -MockWith { return @{ - MobileDialerPreference = 'FakeStringValue' + MobileDialerPreference = 'Teams' Description = 'FakeStringValue' IPVideoMobileMode = 'AllNetworks' IPAudioMobileMode = 'AllNetworks' @@ -127,7 +128,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'The TeamsMobilityPolicy Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - MobileDialerPreference = 'FakeStringValue' + MobileDialerPreference = 'Teams' Description = 'FakeStringValue' IPVideoMobileMode = 'AllNetworks' IPAudioMobileMode = 'AllNetworks' @@ -138,7 +139,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsMobilityPolicy -MockWith { return @{ - MobileDialerPreference = 'FakeStringValue' + MobileDialerPreference = 'Teams' Description = 'FakeStringValue' IPVideoMobileMode = 'AllNetworks' IPAudioMobileMode = 'AllNetworks' @@ -155,7 +156,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'The TeamsMobilityPolicy exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - MobileDialerPreference = 'FakeStringValue' + MobileDialerPreference = 'Teams' Description = 'FakeStringValue' IPVideoMobileMode = 'AllNetworks' IPAudioMobileMode = 'AllNetworks' @@ -166,7 +167,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsMobilityPolicy -MockWith { return @{ - MobileDialerPreference = 'FakeStringValueDrift #Drift' + MobileDialerPreference = 'Native' Description = 'FakeStringValueDrift #Drift' IPVideoMobileMode = 'AllNetworks' IPAudioMobileMode = 'AllNetworks' @@ -199,7 +200,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-CsTeamsMobilityPolicy -MockWith { return @{ - MobileDialerPreference = 'FakeStringValue' + MobileDialerPreference = 'Teams' Description = 'FakeStringValue' IPVideoMobileMode = 'AllNetworks' IPAudioMobileMode = 'AllNetworks' From 4fb38e7889598948b419d185d73eb2ddbcc8f626 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 24 Jan 2024 23:04:37 +0000 Subject: [PATCH 05/13] Remove empty line --- .../Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 index 746f1aa46b..08712766e6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 @@ -21,7 +21,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) From e110f34cd9e341e32a5ef3f01207d6a090ba13ff Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 25 Jan 2024 13:21:09 +0000 Subject: [PATCH 06/13] Search group by its displayname if not found by id --- CHANGELOG.md | 4 ++ .../MSFT_TeamsGroupPolicyAssignment.psm1 | 47 ++++++++++--------- 2 files changed, 30 insertions(+), 21 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12c63de705..2d4626b442 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -70,6 +70,10 @@ * TeamsFilesPolicy * Fix condition when resource is absent FIXES [#4225](https://github.com/microsoft/Microsoft365DSC/issues/4225) +* TeamsGroupPolicyAssignment + * Ensure assignment can still be created if GroupId is not found by trying to + search by DisplayName afterwards + FIXES [#4248](https://github.com/microsoft/Microsoft365DSC/issues/4248) * TeamsMeetingBroadcastPolicy * Fix deletion of resource FIXES [#4231](https://github.com/microsoft/Microsoft365DSC/issues/4231) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 index aeeecc7721..5e8e8c7fa8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 @@ -66,39 +66,44 @@ function Get-TargetResource try { - if (-not [System.String]::IsNullOrEmpty($GroupId)) + Write-Verbose -Message "Getting Group with Id {$GroupId}" + $Group = Find-CsGroup -SearchQuery $GroupId -ExactMatchOnly $true -ErrorAction SilentlyContinue + + if ($null -eq $Group) { - Write-Verbose -Message "Getting GroupPolicyAssignment for {$GroupId}" - $group = Find-CsGroup -SearchQuery $GroupId -ErrorAction SilentlyContinue - if ($group.Length -gt 1) + Write-Verbose -Message "Could not find Group with Id {$GroupId}, searching with DisplayName {$GroupDisplayName}" + $Group = Find-CsGroup -SearchQuery $GroupDisplayName -ExactMatchOnly $true -ErrorAction SilentlyContinue + + if ($null -eq $Group) { - Write-Verbose -Message "Found $($group.Length) groups with the id {$GroupId}" - $Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName } + Write-Verbose -Message "Could not find Group with DisplayName {$GroupDisplayName}" + return $nullReturn } - } - else - { - Write-Verbose -Message "Getting GroupPolicyAssignment for {$GroupDisplayName}" - $Group = Find-CsGroup -SearchQuery $GroupDisplayName -ErrorAction SilentlyContinue - if ($Group.Length -gt 1) + + if ($Group -and $Group.Count -gt 1) { - Write-Verbose -Message "Found $($group.Length) groups with the name $GroupDisplayName" - $Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName } + Write-Verbose -Message "Found $($Group.Count) groups with DisplayName {$GroupDisplayName}" + $Group = $Group | Where-Object -FilterScript { $_.DisplayName -eq $GroupDisplayName } + if ($Group -and $Group.Count -gt 1) + { + Write-Verbose -Message "Still found $($Group.Count) groups with DisplayName {$GroupDisplayName}" + return $nullReturn + } } } - if ($null -eq $Group) - { - Write-Verbose -Message "Group not found for $GroupDisplayName" - return $nullReturn - } + + Write-Verbose -Message "Getting GroupPolicyAssignment with PolicyType {$PolicyType} for Group {$($Group.DisplayName)}" $GroupPolicyAssignment = Get-CsGroupPolicyAssignment -GroupId $Group.Id -PolicyType $PolicyType -ErrorAction SilentlyContinue if ($null -eq $GroupPolicyAssignment) { - Write-Verbose -Message "GroupPolicyAssignment not found for $GroupDisplayName" + Write-Verbose -Message "GroupPolicyAssignment not found for Group $GroupDisplayName" $nullReturn.GroupId = $Group.Id return $nullReturn } - Write-Verbose -Message "Found GroupPolicyAssignment $($Group.Displayname) with PolicyType:$($GroupPolicyAssignment.PolicyType) and Policy Name:$($GroupPolicyAssignment.PolicyName)" + + $Message = "Found GroupPolicyAssignment with PolicyType {$($GroupPolicyAssignment.PolicyType)}, " + ` + "PolicyName {$($GroupPolicyAssignment.PolicyName)} and Priority {$($GroupPolicyAssignment.Priority)} for Group {$($Group.Displayname)}" + Write-Verbose -Message $Message return @{ GroupId = $Group.Id GroupDisplayName = $Group.Displayname From 19cf8b25589b02fd06b3f82f36f759358aa8e82a Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 25 Jan 2024 13:49:45 +0000 Subject: [PATCH 07/13] Add brackets on message as done everywhere else --- .../MSFT_TeamsGroupPolicyAssignment.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 index 5e8e8c7fa8..3e8ad626f1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 @@ -96,7 +96,7 @@ function Get-TargetResource $GroupPolicyAssignment = Get-CsGroupPolicyAssignment -GroupId $Group.Id -PolicyType $PolicyType -ErrorAction SilentlyContinue if ($null -eq $GroupPolicyAssignment) { - Write-Verbose -Message "GroupPolicyAssignment not found for Group $GroupDisplayName" + Write-Verbose -Message "GroupPolicyAssignment not found for Group {$GroupDisplayName}" $nullReturn.GroupId = $Group.Id return $nullReturn } From 53031acea101686007597219da233fcc9eaac7ed Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Thu, 25 Jan 2024 17:09:32 +0000 Subject: [PATCH 08/13] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/teams/TeamsMobilityPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/resources/teams/TeamsMobilityPolicy.md b/docs/docs/resources/teams/TeamsMobilityPolicy.md index ce0f1cfdbf..cf1b238da7 100644 --- a/docs/docs/resources/teams/TeamsMobilityPolicy.md +++ b/docs/docs/resources/teams/TeamsMobilityPolicy.md @@ -8,7 +8,7 @@ | **Description** | Write | String | Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to. | | | **IPAudioMobileMode** | Write | String | When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | `WifiOnly`, `AllNetworks` | | **IPVideoMobileMode** | Write | String | When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | `WifiOnly`, `AllNetworks` | -| **MobileDialerPreference** | Write | String | N/A | | +| **MobileDialerPreference** | Write | String | Determines the mobile dialer preference, possible values are: Teams, Native, UserOverride. | `Teams`, `Native`, `UserOverride` | | **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the workload's Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | From 39e26702cf17eb26b5ed23cef12410efb1860cb1 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 25 Jan 2024 12:21:48 -0500 Subject: [PATCH 09/13] Ready --- CHANGELOG.md | 4 ++ .../MSFT_EXOApplicationAccessPolicy.psm1 | 56 ++++++++++++++----- .../MSFT_EXODataClassification.psm1 | 12 +--- .../EXOApplicationAccessPolicy/1-Create.ps1 | 2 +- .../EXOApplicationAccessPolicy/2-Update.ps1 | 2 +- .../EXOApplicationAccessPolicy/3-Remove.ps1 | 3 +- .../2-Update.ps1 | 1 + .../EXOClientAccessRule/1-Create.ps1 | 2 +- .../EXOClientAccessRule/2-Update.ps1 | 2 +- .../EXOClientAccessRule/3-Remove.ps1 | 2 +- .../EXODataClassification/1-Create.ps1 | 28 ---------- .../EXODataClassification/2-Update.ps1 | 14 ++--- .../EXODataClassification/3-Remove.ps1 | 28 ---------- 13 files changed, 62 insertions(+), 94 deletions(-) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/1-Create.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/3-Remove.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 03ceb382f5..1eea957a3c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,6 +33,10 @@ QueryString and Characteristic parameters. * EXOAddressList * Fixed an issue trying to create a new instance when DisplayName is empty. +* EXOApplicationAccessPolicy + * Changed the logic to retrieve existing instances based on Scope. +* EXODataClassification + * DEPRECATED Resource. * SPOSharingSettings * Fixed an Issue where the MySiteSharingCapability could be returned as an empty string instead of a null value from the Get method. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 index abde1b37c6..7e7915d0af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 @@ -89,20 +89,45 @@ function Get-TargetResource try { + $ApplicationAccessPolicy = $null try { - $AllApplicationAccessPolicies = Get-ApplicationAccessPolicy -ErrorAction Stop + $ApplicationAccessPolicy = Get-ApplicationAccessPolicy -Identity $Identity -ErrorAction Stop + Write-Verbose -Message "Found policy by Identity {$Identity}" } catch { - if ($_.Exception -like "The operation couldn't be performed because object*") + Write-Verbose -Message "Could not find policy by Identity {$Identity}" + } + + $ScopeIdentityValue = $null + if ($null -eq $ApplicationAccessPolicy) + { + $scopeIdentityGroup = $null + try { - Write-Verbose 'Could not obtain Application Access Policies for Tenant' - return $nullReturn + $scopeIdentityGroup = Get-Group -Identity $PolicyScopeGroupId -ErrorAction Stop + } + catch + { + Write-Verbose -Message "Could not find Group with Identity {$PolicyScopeGroupId}" + } + + if ($null -ne $scopeIdentityGroup) + { + $ScopeIdentityValue = $scopeIdentityGroup.WindowsEmailAddress + $ApplicationAccessPolicy = Get-ApplicationAccessPolicy | Where-Object -FilterScript { $AppID -eq $_.AppId -and $_.ScopeIdentity -eq $scopeIdentityGroup } } - } - $ApplicationAccessPolicy = $AllApplicationAccessPolicies | Where-Object -FilterScript { $_.Identity -eq $Identity } + if ($null -ne $ApplicationAccessPolicy) + { + Write-Verbose -Message "Found Application Access Policy by Scope {$PolicyScopeGroupId}" + } + } + else + { + $ScopeIdentityValue = $ApplicationAccessPolicy.ScopeIdentity + } if ($null -eq $ApplicationAccessPolicy) { @@ -111,11 +136,12 @@ function Get-TargetResource } else { + $ApplicationAccessPolicy = $ApplicationAccessPolicy[0] $result = @{ Identity = $ApplicationAccessPolicy.Identity AccessRight = $ApplicationAccessPolicy.AccessRight AppID = $ApplicationAccessPolicy.AppID - PolicyScopeGroupId = $ApplicationAccessPolicy.ScopeIdentity + PolicyScopeGroupId = $ScopeIdentityValue Description = $ApplicationAccessPolicy.Description Ensure = 'Present' Credential = $Credential @@ -127,7 +153,7 @@ function Get-TargetResource TenantId = $TenantId } - Write-Verbose -Message "Found Application Access Policy $($Identity)" + Write-Verbose -Message "Found Application Access Policy {$($Identity)}" return $result } } @@ -231,7 +257,7 @@ function Set-TargetResource } $SetApplicationAccessPolicyParams = @{ - Identity = $Identity + Identity = $currentApplicationAccessPolicyConfig.Identity Description = $Description Confirm = $false } @@ -253,16 +279,18 @@ function Set-TargetResource # CASE: Application Access Policy exists and it should, but Description attribute has different values than desired (Set-ApplicationAccessPolicy is only able to change description attribute) elseif ($Ensure -eq 'Present' -and $currentApplicationAccessPolicyConfig.Ensure -eq 'Present' -and $currentApplicationAccessPolicyConfig.Description -ne $Description) { - Write-Verbose -Message "Application Access Policy '$($Identity)' already exists, but needs updating." - Write-Verbose -Message "Setting Application Access Policy $($Identity) with values: $(Convert-M365DscHashtableToString -Hashtable $SetApplicationAccessPolicyParams)" + Write-Verbose -Message "Application Access Policy '$($currentApplicationAccessPolicyConfig.Identity)' already exists, but needs updating." + Write-Verbose -Message "Setting Application Access Policy $($currentApplicationAccessPolicyConfig.Identity) with values: $(Convert-M365DscHashtableToString -Hashtable $SetApplicationAccessPolicyParams)" Set-ApplicationAccessPolicy @SetApplicationAccessPolicyParams } # CASE: Application Access Policy exists and it should, but has different values than the desired one # Set-ApplicationAccessPolicy is only able to change description attribute, therefore re-create policy elseif ($Ensure -eq 'Present' -and $currentApplicationAccessPolicyConfig.Ensure -eq 'Present' -and $currentApplicationAccessPolicyConfig.Description -eq $Description) { - Write-Verbose -Message "Re-create Application Access Policy '$($Identity)'" - Remove-ApplicationAccessPolicy -Identity $Identity -Confirm:$false + Write-Verbose -Message "Re-create Application Access Policy '$($currentApplicationAccessPolicyConfig.Identity)'" + Remove-ApplicationAccessPolicy -Identity $currentApplicationAccessPolicyConfig.Identity -Confirm:$false + Write-Verbose -Message "Removing existing policy was successful" + Write-Verbose -Message "Creating new instance with parameters: $(Convert-M365DscHashtableToString -Hashtable $NewApplicationAccessPolicyParams)" New-ApplicationAccessPolicy @NewApplicationAccessPolicyParams } } @@ -354,6 +382,7 @@ function Test-TargetResource $ValuesToCheck.Remove('CertificatePath') | Out-Null $ValuesToCheck.Remove('CertificatePassword') | Out-Null $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('Identity') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -487,4 +516,3 @@ function Export-TargetResource } Export-ModuleMember -Function *-TargetResource - diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 index 620b2c6ee2..6b03e06a7d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 @@ -242,19 +242,9 @@ function Set-TargetResource $DataClassificationParams.Remove('CertificatePassword') | Out-Null $DataClassificationParams.Remove('ManagedIdentity') | Out-Null - if (('Present' -eq $Ensure ) -and ($null -eq $DataClassification)) { - Write-Verbose -Message "Creating Data classification policy $($Identity)." - $DataClassificationParams.Remove('Identity') | Out-Null - $DataClassificationParams.Remove('IsDefault') | Out-Null - if (-Not [String]::IsNullOrEmpty($DataClassificationParams.Locale)) - { - $DataClassificationParams.Locale = New-Object system.globalization.cultureinfo($DataClassificationParams.Locale) - } - - New-DataClassification @DataClassificationParams - Write-Verbose -Message 'Data classification policy created successfully.' + Write-Verbose -Message "Data Classification in Exchange Online are now deprecated in favor of Sensitive Information Types in Security and Compliance." } elseif (('Present' -eq $Ensure ) -and ($Null -ne $DataClassification)) { diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/1-Create.ps1 index 0bbf77f229..b7008e86fb 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/1-Create.ps1 @@ -20,7 +20,7 @@ Configuration Example { Identity = "Integration Policy" AccessRight = "DenyAccess" - AppID = @("3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5", "6ac794ca-2697-4137-8754-d2a78ae47d93") + AppID = '3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5' PolicyScopeGroupId = "IntegrationMailEnabled@$Domain" Description = "Engineering Group Policy" Ensure = "Present" diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/2-Update.ps1 index 1bc69f306a..f961e93505 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/2-Update.ps1 @@ -20,7 +20,7 @@ Configuration Example { Identity = "Integration Policy" AccessRight = "DenyAccess" - AppID = @("3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5", "6ac794ca-2697-4137-8754-d2a78ae47d93") + AppID = '3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5' PolicyScopeGroupId = "IntegrationMailEnabled@$Domain" Description = "Engineering Group Policy Updated" # Updated Property Ensure = "Present" diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/3-Remove.ps1 index de77a3afce..cc0936181d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOApplicationAccessPolicy/3-Remove.ps1 @@ -17,7 +17,8 @@ Configuration Example { EXOApplicationAccessPolicy 'ConfigureApplicationAccessPolicy' { - Identity = "Global" + Identity = "Integration Policy" + AppID = '3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5' Ensure = "Absent" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/2-Update.ps1 index 95191e3232..878bf3ebe1 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/2-Update.ps1 @@ -7,6 +7,7 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { EXOAuthenticationPolicyAssignment 'ConfigureAuthenticationPolicyAssignment' diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/1-Create.ps1 index 796c7e53c4..5eb5199ae4 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/1-Create.ps1 @@ -30,7 +30,7 @@ Configuration Example ExceptAnyOfClientIPAddressesOrRanges = @() AnyOfClientIPAddressesOrRanges = @() Ensure = "Present" - Credential = $GlobalAdmin + Credential = $Credscredential } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/2-Update.ps1 index 54c4502dde..023a903f60 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/2-Update.ps1 @@ -30,7 +30,7 @@ Configuration Example ExceptAnyOfClientIPAddressesOrRanges = @() AnyOfClientIPAddressesOrRanges = @() Ensure = "Present" - Credential = $GlobalAdmin + Credential = $Credscredential } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/3-Remove.ps1 index 4b4fbfeaf9..42f5cf21c7 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOClientAccessRule/3-Remove.ps1 @@ -19,7 +19,7 @@ Configuration Example Action = "AllowAccess" Identity = "Always Allow Remote PowerShell" Ensure = "Absent" - Credential = $GlobalAdmin + Credential = $Credscredential } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/1-Create.ps1 deleted file mode 100644 index 406907f169..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/1-Create.ps1 +++ /dev/null @@ -1,28 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - EXODataClassification 'ConfigureDataClassification' - { - Identity = 'Contoso Confidential' - Name = 'Contoso Confidentiel' - Description = 'Ce message contient des informations confidentielles.' - Locale = 'fr' - IsDefault = $true - Ensure = "Present" - Credential = $Credscredential - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/2-Update.ps1 index 1f4d62384e..c13499914c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/2-Update.ps1 @@ -16,13 +16,13 @@ Configuration Example { EXODataClassification 'ConfigureDataClassification' { - Identity = 'Contoso Confidential' - Name = 'Contoso Confidentiel' - Description = 'Ce message contient des informations confidentielles. Updated' # Updated Property - Locale = 'fr' - IsDefault = $true - Ensure = "Present" - Credential = $Credscredential + Description = "Detects formatted and unformatted Canadian social insurance number."; + Ensure = "Present"; + Identity = "a2f29c85-ecb8-4514-a610-364790c0773e"; + IsDefault = $True; + Locale = "en-US"; + Name = "Canada Social Insurance Number"; + Credential = $Credscredential } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/3-Remove.ps1 deleted file mode 100644 index 1f4d62384e..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/EXODataClassification/3-Remove.ps1 +++ /dev/null @@ -1,28 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - EXODataClassification 'ConfigureDataClassification' - { - Identity = 'Contoso Confidential' - Name = 'Contoso Confidentiel' - Description = 'Ce message contient des informations confidentielles. Updated' # Updated Property - Locale = 'fr' - IsDefault = $true - Ensure = "Present" - Credential = $Credscredential - } - } -} From 107d1641c4bf0be44f9819540d3ab963d214bb35 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 25 Jan 2024 12:50:24 -0500 Subject: [PATCH 10/13] Fixes --- .../MSFT_EXOApplicationAccessPolicy.psm1 | 2 +- ...osoft365DSC.EXOApplicationAccessPolicy.Tests.ps1 | 13 ++++--------- .../Microsoft365DSC.EXODataClassification.Tests.ps1 | 3 --- 3 files changed, 5 insertions(+), 13 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 index 7e7915d0af..a6c009db0d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOApplicationAccessPolicy/MSFT_EXOApplicationAccessPolicy.psm1 @@ -92,7 +92,7 @@ function Get-TargetResource $ApplicationAccessPolicy = $null try { - $ApplicationAccessPolicy = Get-ApplicationAccessPolicy -Identity $Identity -ErrorAction Stop + [Array]$ApplicationAccessPolicy = Get-ApplicationAccessPolicy -Identity $Identity -ErrorAction Stop Write-Verbose -Message "Found policy by Identity {$Identity}" } catch diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOApplicationAccessPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOApplicationAccessPolicy.Tests.ps1 index 8d7b010ff8..f16ed46c56 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOApplicationAccessPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOApplicationAccessPolicy.Tests.ps1 @@ -21,6 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { + $Script:ExportMode = $false $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) @@ -56,13 +57,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Get-ApplicationAccessPolicy -MockWith { - return @{ - Identity = 'DifferentApplicationAccessPolicy1' - AccessRight = 'DenyAccess' - AppID = '3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5' - ScopeIdentity = 'Engineering Staff' - Description = 'Engineering Group Policy' - } + return $null } Mock -CommandName Set-ApplicationAccessPolicy -MockWith { @@ -101,13 +96,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Get-ApplicationAccessPolicy -MockWith { - return @{ + return @(@{ Identity = 'ApplicationAccessPolicy1' AccessRight = 'DenyAccess' AppID = '3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5' ScopeIdentity = 'Engineering Staff' Description = 'Engineering Group Policy' - } + }) } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataClassification.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataClassification.Tests.ps1 index 38d9729b8f..e2c9b7fe7d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataClassification.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataClassification.Tests.ps1 @@ -70,7 +70,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should call the New- cmdlet' { Set-TargetResource @testParams - Should -Invoke -CommandName 'New-DataClassification' -Exactly 1 } } @@ -107,7 +106,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should set Call into the Set-DataClassification command exactly once' { Set-TargetResource @testParams - Should -Invoke -CommandName 'Set-DataClassification' -Exactly 1 } } @@ -144,7 +142,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should call into the Remove-DataClassification cmdlet once' { Set-TargetResource @testParams - Should -Invoke -CommandName 'Remove-DataClassification' -Exactly 1 } } From 0e2d9abb14523eff4eb60c74d7a4d1829c5da63f Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Thu, 25 Jan 2024 18:18:28 +0000 Subject: [PATCH 11/13] Updated Resources and Cmdlet documentation pages --- .../exchange/EXOApplicationAccessPolicy.md | 17 +++-- .../EXOAuthenticationPolicyAssignment.md | 15 ++-- .../resources/exchange/EXOClientAccessRule.md | 6 +- .../exchange/EXODataClassification.md | 76 ++----------------- 4 files changed, 28 insertions(+), 86 deletions(-) diff --git a/docs/docs/resources/exchange/EXOApplicationAccessPolicy.md b/docs/docs/resources/exchange/EXOApplicationAccessPolicy.md index 0240a99e8e..5db92e5322 100644 --- a/docs/docs/resources/exchange/EXOApplicationAccessPolicy.md +++ b/docs/docs/resources/exchange/EXOApplicationAccessPolicy.md @@ -54,14 +54,15 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { EXOApplicationAccessPolicy 'ConfigureApplicationAccessPolicy' { - Identity = "Global" + Identity = "Integration Policy" AccessRight = "DenyAccess" - AppID = @("3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5", "6ac794ca-2697-4137-8754-d2a78ae47d93") - PolicyScopeGroupId = "Engineering Staff" + AppID = '3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5' + PolicyScopeGroupId = "IntegrationMailEnabled@$Domain" Description = "Engineering Group Policy" Ensure = "Present" Credential = $Credscredential @@ -86,14 +87,15 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { EXOApplicationAccessPolicy 'ConfigureApplicationAccessPolicy' { - Identity = "Global" + Identity = "Integration Policy" AccessRight = "DenyAccess" - AppID = @("3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5", "6ac794ca-2697-4137-8754-d2a78ae47d93") - PolicyScopeGroupId = "Engineering Staff" + AppID = '3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5' + PolicyScopeGroupId = "IntegrationMailEnabled@$Domain" Description = "Engineering Group Policy Updated" # Updated Property Ensure = "Present" Credential = $Credscredential @@ -122,7 +124,8 @@ Configuration Example { EXOApplicationAccessPolicy 'ConfigureApplicationAccessPolicy' { - Identity = "Global" + Identity = "Integration Policy" + AppID = '3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5' Ensure = "Absent" Credential = $Credscredential } diff --git a/docs/docs/resources/exchange/EXOAuthenticationPolicyAssignment.md b/docs/docs/resources/exchange/EXOAuthenticationPolicyAssignment.md index d2a7dc46cb..96b4ec6b82 100644 --- a/docs/docs/resources/exchange/EXOAuthenticationPolicyAssignment.md +++ b/docs/docs/resources/exchange/EXOAuthenticationPolicyAssignment.md @@ -44,7 +44,7 @@ Configuration Example param( [Parameter(Mandatory = $true)] [PSCredential] - $EXOAdmin + $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC @@ -55,7 +55,7 @@ Configuration Example UserName = "AdeleV" AuthenticationPolicyName = "Block Basic Auth" Ensure = "Present" - Credential = $EXOAdmin + Credential = $Credscredential } } } @@ -70,18 +70,19 @@ Configuration Example param( [Parameter(Mandatory = $true)] [PSCredential] - $EXOAdmin + $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { EXOAuthenticationPolicyAssignment 'ConfigureAuthenticationPolicyAssignment' { UserName = "AdeleV" - AuthenticationPolicyName = "Test Policy" + AuthenticationPolicyName = "Test Policy" # Updaqted Property Ensure = "Present" - Credential = $EXOAdmin + Credential = $Credscredential } } } @@ -96,7 +97,7 @@ Configuration Example param( [Parameter(Mandatory = $true)] [PSCredential] - $EXOAdmin + $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC @@ -107,7 +108,7 @@ Configuration Example UserName = "AdeleV" AuthenticationPolicyName = "Test Policy" Ensure = "Absent" - Credential = $EXOAdmin + Credential = $Credscredential } } } diff --git a/docs/docs/resources/exchange/EXOClientAccessRule.md b/docs/docs/resources/exchange/EXOClientAccessRule.md index 727903391e..57cdcb8a6f 100644 --- a/docs/docs/resources/exchange/EXOClientAccessRule.md +++ b/docs/docs/resources/exchange/EXOClientAccessRule.md @@ -87,7 +87,7 @@ Configuration Example ExceptAnyOfClientIPAddressesOrRanges = @() AnyOfClientIPAddressesOrRanges = @() Ensure = "Present" - Credential = $GlobalAdmin + Credential = $Credscredential } } } @@ -126,7 +126,7 @@ Configuration Example ExceptAnyOfClientIPAddressesOrRanges = @() AnyOfClientIPAddressesOrRanges = @() Ensure = "Present" - Credential = $GlobalAdmin + Credential = $Credscredential } } } @@ -154,7 +154,7 @@ Configuration Example Action = "AllowAccess" Identity = "Always Allow Remote PowerShell" Ensure = "Absent" - Credential = $GlobalAdmin + Credential = $Credscredential } } } diff --git a/docs/docs/resources/exchange/EXODataClassification.md b/docs/docs/resources/exchange/EXODataClassification.md index 1ad5d66ad4..b477a7473c 100644 --- a/docs/docs/resources/exchange/EXODataClassification.md +++ b/docs/docs/resources/exchange/EXODataClassification.md @@ -58,75 +58,13 @@ Configuration Example { EXODataClassification 'ConfigureDataClassification' { - Identity = 'Contoso Confidential' - Name = 'Contoso Confidentiel' - Description = 'Ce message contient des informations confidentielles.' - Locale = 'fr' - IsDefault = $true - Ensure = "Present" - Credential = $Credscredential - } - } -} -``` - -### Example 2 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - EXODataClassification 'ConfigureDataClassification' - { - Identity = 'Contoso Confidential' - Name = 'Contoso Confidentiel' - Description = 'Ce message contient des informations confidentielles. Updated' # Updated Property - Locale = 'fr' - IsDefault = $true - Ensure = "Present" - Credential = $Credscredential - } - } -} -``` - -### Example 3 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - EXODataClassification 'ConfigureDataClassification' - { - Identity = 'Contoso Confidential' - Name = 'Contoso Confidentiel' - Description = 'Ce message contient des informations confidentielles. Updated' # Updated Property - Locale = 'fr' - IsDefault = $true - Ensure = "Present" - Credential = $Credscredential + Description = "Detects formatted and unformatted Canadian social insurance number."; + Ensure = "Present"; + Identity = "a2f29c85-ecb8-4514-a610-364790c0773e"; + IsDefault = $True; + Locale = "en-US"; + Name = "Canada Social Insurance Number"; + Credential = $Credscredential } } } From 605a62091beed4c37603bb606c0750c64480dd1b Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Thu, 25 Jan 2024 18:20:48 +0000 Subject: [PATCH 12/13] Updated {Create} EXO Integration Tests --- .../M365DSCIntegration.EXO.Create.Tests.ps1 | 20 +++++-------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 index 706d11911a..56c0957ebf 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 @@ -97,10 +97,10 @@ } EXOApplicationAccessPolicy 'ConfigureApplicationAccessPolicy' { - Identity = "Global" + Identity = "Integration Policy" AccessRight = "DenyAccess" - AppID = @("3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5", "6ac794ca-2697-4137-8754-d2a78ae47d93") - PolicyScopeGroupId = "Engineering Staff" + AppID = '3dbc2ae1-7198-45ed-9f9f-d86ba3ec35b5' + PolicyScopeGroupId = "IntegrationMailEnabled@$Domain" Description = "Engineering Group Policy" Ensure = "Present" Credential = $Credscredential @@ -128,7 +128,7 @@ UserName = "AdeleV" AuthenticationPolicyName = "Block Basic Auth" Ensure = "Present" - Credential = $EXOAdmin + Credential = $Credscredential } EXOAvailabilityAddressSpace 'ConfigureAvailabilityAddressSpace' { @@ -161,17 +161,7 @@ ExceptAnyOfClientIPAddressesOrRanges = @() AnyOfClientIPAddressesOrRanges = @() Ensure = "Present" - Credential = $GlobalAdmin - } - EXODataClassification 'ConfigureDataClassification' - { - Identity = 'Contoso Confidential' - Name = 'Contoso Confidentiel' - Description = 'Ce message contient des informations confidentielles.' - Locale = 'fr' - IsDefault = $true - Ensure = "Present" - Credential = $Credscredential + Credential = $Credscredential } EXODataEncryptionPolicy 'ConfigureDataEncryptionPolicy' { From e1486865083db952e3caee77568bf36472773959 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 25 Jan 2024 13:28:57 -0500 Subject: [PATCH 13/13] Release 1.24.124.1 --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 106 ++++++++++++++----- 2 files changed, 83 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4bc77153c3..531a56fd91 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.24.124.1 * AADAuthenticationMethodPolicyAuthenticator * Remove the logic path to create a new instance in favor of the update flow. diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 3715c9ef21..4b432876d5 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-01-17 +# Generated on: 2024-01-25 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.117.1' + ModuleVersion = '1.24.124.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -140,32 +140,90 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADAdministrativeUnit - * Used generic Graph API URL from MSCloudLoginConnectionProfile. - * AADApplication - * Ignore Permissions in tests if not passed. Preventing null comparison errors. - * AADAttributeSet - * Removed the ability to specify a value of Absent for the Ensure property. + ReleaseNotes = '* AADAuthenticationMethodPolicyAuthenticator + * Remove the logic path to create a new instance in favor of the update flow. + * AADAuthenticationMethodPolicyEmail + * Remove the logic path to create a new instance in favor of the update flow. + * AADAuthenticationMethodPolicyFido2 + * Remove the logic path to create a new instance in favor of the update flow. + * AADAuthenticationMethodPolicySms + * Remove the logic path to create a new instance in favor of the update flow. + * AADAuthenticationMethodPolicySoftware + * Remove the logic path to create a new instance in favor of the update flow. + * AADAuthenticationMethodPolicyTemporary + * Remove the logic path to create a new instance in favor of the update flow. + * AADAuthenticationMethodPolicyVoice + * Remove the logic path to create a new instance in favor of the update flow. + * AADAuthenticationMethodPolicyX509 + * Remove the logic path to create a new instance in favor of the update flow. * AADConditionalAccessPolicy - * Fixes an error where the ApplicationEnforcedRestrictionsIsEnabled parameter - was always set to false in scenarios where it should have been null. - * AADAuthenticationMethodPolicy + * Fix issue when not all parameters are specified + FIXES [[#4202](https://github.com/microsoft/Microsoft365DSC/issues/4202)] + * AADCrossTenantAccessPolicy * Removed the ability to specify a value of Absent for the Ensure property. - * AADAuthenticationMethodPolicyX509 - * Fix the way we returned an empty rule set from the Get method. This caused - the Test-TargetResource method to return true even when instances matched. - * AADRoleSetting + * AADCrossTenantAccessPolicyCOnfigurationDefault * Removed the ability to specify a value of Absent for the Ensure property. - * EXOAntiPhishPolicy - * Add support for HonorDmarcPolicy parameter - FIXES [[#4138](https://github.com/microsoft/Microsoft365DSC/issues/4138)] - * IntuneDeviceConfigurationPolicyMacOS - * Fix CIM instances comparison in Test-TargetResource and export - CompliantAppsList with the correct type - FIXES [#4144](https://github.com/microsoft/Microsoft365DSC/issues/4144) + * AADGroup + * Changed Set logic to restore groups from the deleted list if a match by + DisplayName is found. + * EXOActiveSyncDeviceAccessRule + * Changed the way Identity is determined by using a combination of the + QueryString and Characteristic parameters. + * EXOAddressList + * Fixed an issue trying to create a new instance when DisplayName is empty. + * EXOApplicationAccessPolicy + * Changed the logic to retrieve existing instances based on Scope. + * EXODataClassification + * DEPRECATED Resource. + * SCAutoSensitivityLabelRule + * Correct export indentation, which caused an issue with report conversion to JSON. + FIXES [[#4240](https://github.com/microsoft/Microsoft365DSC/issues/4240)] + * SPOSharingSettings + * Fixed an Issue where the MySiteSharingCapability could be returned as an + empty string instead of a null value from the Get method. + * TeamsAppPermissionPolicy, TeamsAppSetupPolicy, TeamsCallHoldPolicy, + TeamsIPPhonePolicy, TeamsMobilityPolicy, TeamsNetworkRoamingPolicy, + TeamsShiftsPolicy, TeamsTenantNetworkRegion, TeamsTenantNetworkSite, + TeamsTenantNetworkSubnet, TeamsTenantTrustedIPAddress, TeamsTranslationRule, + TeamsUnassignedNumberTreatment, TeamsVdiPolicy, TeamsWorkloadPolicy + * Fix condition when resource is absent + FIXES [#4227](https://github.com/microsoft/Microsoft365DSC/issues/4227) + * TeamsAudioConferencingPolicy + * Fix condition in Test-TargetResource when resource is absent + FIXES [#4215](https://github.com/microsoft/Microsoft365DSC/issues/4215) + * TeamsCallParkPolicy + * Fix condition in Test-TargetResource when resource is absent + FIXES [#4210](https://github.com/microsoft/Microsoft365DSC/issues/4210) + * TeamsComplianceRecordingPolicy + * Fix condition in Test-TargetResource when resource is absent + FIXES [#4212](https://github.com/microsoft/Microsoft365DSC/issues/4212) + * TeamsCortanaPolicy + * Fix condition in Test-TargetResource when resource is absent + FIXES [#4208](https://github.com/microsoft/Microsoft365DSC/issues/4208) + * TeamsEnhancedEncryptionPolicy + * Fix condition when resource is absent + FIXES [#4221](https://github.com/microsoft/Microsoft365DSC/issues/4221) + * TeamsEventsPolicy + * Add missing attributes + FIXES [#4242](https://github.com/microsoft/Microsoft365DSC/issues/4242) + * TeamsFeedbackPolicy + * Fix condition when resource is absent + FIXES [#4223](https://github.com/microsoft/Microsoft365DSC/issues/4223) + * TeamsFilesPolicy + * Fix condition when resource is absent + FIXES [#4225](https://github.com/microsoft/Microsoft365DSC/issues/4225) + * TeamsGroupPolicyAssignment + * Ensure assignment can still be created if GroupId is not found by trying to + search by DisplayName afterwards + FIXES [#4248](https://github.com/microsoft/Microsoft365DSC/issues/4248) + * TeamsMeetingBroadcastPolicy + * Fix deletion of resource + FIXES [#4231](https://github.com/microsoft/Microsoft365DSC/issues/4231) + * TeamsMobilityPolicy + * Validate string set on parameter MobileDialerPreference * DEPENDENCIES - * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.178. - * Updated MSCloudLoginAssistant to version 1.1.6.' + * Updated Microsoft.Graph dependencies to version 2.12.0. + * Updated MicrosoftTeams dependencies to version 5.9.0.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false