Merge branch 'newDev' into DRG-cleanup-microsoft#3309

CHANGELOG.md

@@ -2,19 +2,33 @@
 
 # UNRELEASED
 
+* DEPENDENCIES
+  * Updated ReverseDSC to version 2.0.0.16.
+
+# 1.23.621.1
+
+* AADAdministrativeUnit
+  * Fixes an issue where the domain part of the user name was handled as a string when using credentials to authenticate.
 * EXORoleGroup
   * Fixes an issue where the role group wasn't getting created when members were null.
     FIXES [#3217](https://github.com/microsoft/Microsoft365DSC/issues/3217)
 * O365OrgSettings
   * Added support for the PlannerAllowCalendarSharing property for Planner.
   * Added support for the Microsoft 365 installation options.
+  * Added support for the Viva Insights and Briefing email settings.
+* PPTenantIsolationSettings & PPTenantSettings
+  * Handles the case where required permissions are not provided when using SPN authentication.
+    FIXES [#3179](https://github.com/microsoft/Microsoft365DSC/issues/3179)
 * SCProtectionAlert
   * Prevents extracting system rules.
     FIXES [#3224](https://github.com/microsoft/Microsoft365DSC/issues/3224)
 * MISC
   * Fixes the display of arrays as property values for Excel based reports from New-M365DSCReportFromConfiguration.
     FIXES [#3173](https://github.com/microsoft/Microsoft365DSC/issues/3173)
+  * Added the Organization.Read.All permission by default in the Get-M365DSCCompiledPermisisonList cmdlet return values.
+    FIXES [#3292](https://github.com/microsoft/Microsoft365DSC/issues/3292)
 * DEPENDENCIES
+  * Updated ExchangeOnlineManagement to version 3.2.0.
   * Updated MicrosoftTeams to version 5.3.0.
   * Updated MSCloudLoginAssistant to version 1.0.114.
 
@@ -25,6 +39,10 @@
 * AADNamedLocationPolicy
   * Added support forthe CountryLookupMethod property
     FIXES [#3345](https://github.com/microsoft/Microsoft365DSC/issues/3345)
+* IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10
+  * Fixes an issue with Set-TargetResource when an array is empty
+  * Fixes presentationValue updates
+    FIXES [#3355](https://github.com/microsoft/Microsoft365DSC/issues/3355)
 * TeamsAppPermissionPolicy
   * Fixes an issue where the wrong app types were trying to get assigned.
     FIXES [#3373](https://github.com/microsoft/Microsoft365DSC/issues/3373)
@@ -113,7 +131,6 @@
 * AADCrossTenantAccessPolicyConfigurationPartner
   * Initial release
     FIXES [#3253](https://github.com/microsoft/Microsoft365DSC/issues/3253)
-
 * IntuneSettingCatalogCustomPolicyWindows10
   * Initial release
   FIXES [#2692](https://github.com/microsoft/Microsoft365DSC/issues/2692),

Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1

@@ -1030,6 +1030,7 @@ function Export-TargetResource
             {
                 $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Members' -IsCIMArray $true
                 $currentDSCBlock = $currentDSCBlock.Replace(",`r`n", '').Replace("`");`r`n", ");`r`n")
+                $currentDSCBlock = $currentDSCBlock.Replace("`$OrganizationName'", "' + `$OrganizationName")
             }
             $dscContent += $currentDSCBlock
             Save-M365DSCPartialExport -Content $currentDSCBlock `

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/settings.json

@@ -45,12 +45,12 @@
             "application": {
                 "read": [
                     {
-                        "name": "NotSupported"
+                        "name": "Policy.Read.All"
                     }
                 ],
                 "update": [
                     {
-                        "name": "NotSupported"
+                        "name": "Policy.ReadWrite.ConditionalAccess"
                     }
                 ]
             }

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1

@@ -214,18 +214,18 @@ function Get-TargetResource
 
         $results = @{
             #region resource generator code
-            Description                      = $getValue.Description
-            DisplayName                      = $getValue.DisplayName
-            PolicyConfigurationIngestionType = $enumPolicyConfigurationIngestionType
-            DefinitionValues                 = $complexDefinitionValues
-            Id                               = $getValue.Id
-            Ensure                           = 'Present'
-            Credential                       = $Credential
-            ApplicationId                    = $ApplicationId
-            TenantId                         = $TenantId
-            ApplicationSecret                = $ApplicationSecret
-            CertificateThumbprint            = $CertificateThumbprint
-            Managedidentity                  = $ManagedIdentity.IsPresent
+            Description           = $getValue.Description
+            DisplayName           = $getValue.DisplayName
+            #PolicyConfigurationIngestionType = $enumPolicyConfigurationIngestionType
+            DefinitionValues      = $complexDefinitionValues
+            Id                    = $getValue.Id
+            Ensure                = 'Present'
+            Credential            = $Credential
+            ApplicationId         = $ApplicationId
+            TenantId              = $TenantId
+            ApplicationSecret     = $ApplicationSecret
+            CertificateThumbprint = $CertificateThumbprint
+            Managedidentity       = $ManagedIdentity.IsPresent
             #endregion
         }
         $assignmentsValues = Get-MgDeviceManagementGroupPolicyConfigurationAssignment -GroupPolicyConfigurationId $Id
@@ -407,11 +407,12 @@ function Set-TargetResource
                     $value = $presentationValue.clone()
                     $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
                     $value.remove('PresentationDefinitionId')
+                    $value.remove('PresentationDefinitionLabel')
+                    $value.remove('id')
                     $complexPresentationValues += $value
                 }
             }
             $complexDefinitionValue = @{
-                id                      = $definitionValue.Id
                 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
                 enabled                 = $definitionValue.Enabled
                 presentationValues      = $complexPresentationValues
@@ -463,19 +464,23 @@ function Set-TargetResource
 
         #Update DefinitionValues
         $currentDefinitionValues = @()
-        if ($null -ne $currentInstance.DefinitionValues)
+        $currentDefinitionValuesIds = @()
+        if ($null -ne $currentInstance.DefinitionValues -and $currentInstance.DefinitionValues.count -gt 0 )
         {
             [Array]$currentDefinitionValues = $currentInstance.DefinitionValues
+            [Array]$currentDefinitionValuesIds = $currentDefinitionValues.definition.id
         }
         $targetDefinitionValues = @()
-        if ($null -ne $DefinitionValues)
+        $targetDefinitionValuesIds = @()
+        if ($null -ne $DefinitionValues -and $DefinitionValues.count -gt 0)
         {
             [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues
+            [Array]$targetDefinitionValuesIds = $targetDefinitionValues.Definition.Id
         }
 
         $comparedDefinitionValues = Compare-Object `
-            -ReferenceObject ($currentDefinitionValues.Id) `
-            -DifferenceObject ($targetDefinitionValues.Id) `
+            -ReferenceObject ($currentDefinitionValuesIds) `
+            -DifferenceObject ($targetDefinitionValuesIds) `
             -IncludeEqual
 
         $definitionValuesToAdd = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '=>' }).InputObject
@@ -486,7 +491,7 @@ function Set-TargetResource
         $formattedDefinitionValuesToAdd = @()
         foreach ($definitionValueId in $definitionValuesToAdd)
         {
-            $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId }
+            $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Definition.Id -eq $definitionValueId }
             $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue
             $enumConfigurationType = $null
             if ($null -ne $definitionValue.ConfigurationType)
@@ -501,11 +506,12 @@ function Set-TargetResource
                     $value = $presentationValue.clone()
                     $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
                     $value.remove('PresentationDefinitionId')
+                    $value.remove('PresentationDefinitionLabel')
+                    $value.remove('id')
                     $complexPresentationValues += $value
                 }
             }
             $complexDefinitionValue = @{
-                id                      = $definitionValue.Id
                 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
                 enabled                 = $definitionValue.Enabled
                 presentationValues      = $complexPresentationValues
@@ -516,7 +522,8 @@ function Set-TargetResource
         $formattedDefinitionValuesToUpdate = @()
         foreach ($definitionValueId in $definitionValuesToCheck)
         {
-            $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId }
+            $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Definition.Id -eq $definitionValueId }
+            $currentDefinitionValue = $currentDefinitionValues | Where-Object -FilterScript { $_.definition.id -eq $definitionValueId }
             $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue
             $enumConfigurationType = $null
             if ($null -ne $definitionValue.ConfigurationType)
@@ -528,26 +535,36 @@ function Set-TargetResource
             {
                 foreach ($presentationValue in [Hashtable[]]$definitionValue.PresentationValues)
                 {
+                    $currentPresentationValue = $currentDefinitionValue.PresentationValues | Where-Object { $_.PresentationDefinitionId -eq $presentationValue.presentationDefinitionId }
                     $value = $presentationValue.clone()
                     $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
                     $value.remove('PresentationDefinitionId')
+                    $value.remove('PresentationDefinitionLabel')
+                    $value.remove('id')
+                    $value.add('id', $currentPresentationValue.Id)
                     $complexPresentationValues += $value
                 }
             }
             $complexDefinitionValue = @{
-                id                      = $definitionValue.Id
+                id                      = $currentDefinitionValue.Id
                 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
                 enabled                 = $definitionValue.Enabled
                 presentationValues      = $complexPresentationValues
             }
             $formattedDefinitionValuesToUpdate += $complexDefinitionValue
         }
 
+        $formattedDefinitionValuesToRemove = @()
+        foreach ($definitionValueId in $definitionValuesToRemove)
+        {
+            $formattedDefinitionValuesToremove += ($currentDefinitionValues | Where-Object { $_.definition.id -eq $definitionValueId }).id
+        }
+
         Update-DeviceConfigurationGroupPolicyDefinitionValue `
             -DeviceConfigurationPolicyId $currentInstance.Id `
             -DefinitionValueToAdd $formattedDefinitionValuesToAdd `
             -DefinitionValueToUpdate $formattedDefinitionValuesToUpdate `
-            -DefinitionValueToRemove $definitionValuesToRemove
+            -DefinitionValueToRemove $formattedDefinitionValuesToRemove
 
     }
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
@@ -654,29 +671,30 @@ function Test-TargetResource
         if ($source.getType().Name -like '*CimInstance*')
         {
             $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source
-            #Removing Key Definition because it is Read-Only
+            #Removing Key Definition because it is Read-Only and ID as random
             if ($key -eq 'DefinitionValues')
             {
-                foreach ($definitionValue in $source.DefinitionValues)
+                foreach ($definitionValue in $source)
                 {
                     $definitionValue.remove('Definition')
+                    $definitionValue.remove('Id')
+                    #Removing Key presentationDefinitionLabel because it is Read-Only and ID as random
+                    foreach ($presentationValue in $definitionValue.PresentationValues)
+                    {
+                        $presentationValue.remove('presentationDefinitionLabel')
+                        $presentationValue.remove('Id')
+                    }
                 }
-                foreach ($definitionValue in $target.DefinitionValues)
+                foreach ($definitionValue in $target)
                 {
                     $definitionValue.remove('Definition')
-                }
-            }
-
-            #Removing Key Definition because it is Read-Only
-            if ($key -eq 'PresentationValues')
-            {
-                foreach ($presentationValue in $source.PresentationValues)
-                {
-                    $presentationValue.remove('presentationDefinitionLabel')
-                }
-                foreach ($presentationValue in $target.PresentationValues)
-                {
-                    $presentationValue.remove('presentationDefinitionLabel')
+                    $definitionValue.remove('Id')
+                    #Removing Key presentationDefinitionLabel because it is Read-Only and ID as random
+                    foreach ($presentationValue in $definitionValue.PresentationValues)
+                    {
+                        $presentationValue.remove('presentationDefinitionLabel')
+                        $presentationValue.remove('Id')
+                    }
                 }
             }
 
@@ -699,6 +717,11 @@ function Test-TargetResource
     $ValuesToCheck.Remove('ApplicationId') | Out-Null
     $ValuesToCheck.Remove('TenantId') | Out-Null
     $ValuesToCheck.Remove('ApplicationSecret') | Out-Null
+    $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null
+    $ValuesToCheck.Remove('ManagedIdentity') | Out-Null
+    $ValuesToCheck.Remove('Verbose') | Out-Null
+    $ValuesToCheck.Remove('Ensure') | Out-Null
+    $ValuesToCheck.Remove('PolicyConfigurationIngestionType') | Out-Null
 
     Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
@@ -891,7 +914,7 @@ function Export-TargetResource
     catch
     {
         if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or `
-            $_.Exception -like "*Message: Location header not present in redirection response.*")
+                $_.Exception -like '*Message: Location header not present in redirection response.*')
         {
             Write-Host "`r`n    $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune."
         }
@@ -947,7 +970,7 @@ function Update-DeviceConfigurationGroupPolicyDefinitionValue
             'deletedIds' = $DefinitionValueToRemoveIds
         }
         #Write-Verbose -Message ($body | ConvertTo-Json -Depth 20)
-        Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ErrorAction Stop
+        Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ErrorAction Stop 4> Out-Null
     }
     catch
     {