diff --git a/CHANGELOG.md b/CHANGELOG.md index af82478b76..5b6d317387 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,9 @@ FIXES [#3226](https://github.com/microsoft/Microsoft365DSC/issues/3226) * TeamsAppSetupPolicy * Initial release. +* EXOQuarantinePolicy + * Support exporting and importing global quarantine policy + FIXES [#3285](https://github.com/microsoft/Microsoft365DSC/issues/3285) * DEPENDENCIES * Updated MicrosoftTeams to version 5.2.0 * MISC @@ -38,9 +41,7 @@ * AADCrossTenantAccessPolicyConfigurationPartner * Initial release FIXES [#3253](https://github.com/microsoft/Microsoft365DSC/issues/3253) -* EXOQuarantinePolicy - * Support exporting global quarantine policy - FIXES [#3285](https://github.com/microsoft/Microsoft365DSC/issues/3285) + * IntuneSettingCatalogCustomPolicyWindows10 * Initial release FIXES [#2692](https://github.com/microsoft/Microsoft365DSC/issues/2692), diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.psm1 index cab081596b..cfbafa7917 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.psm1 @@ -63,7 +63,32 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String] + $CustomDisclaimer, + + [Parameter()] + [System.String] + $EndUserSpamNotificationFrequency, + + [Parameter()] + [System.Int32] + $EndUserSpamNotificationFrequencyInDays, + + [Parameter()] + [System.String] + $EndUserSpamNotificationCustomFromAddress, + + [Parameter()] + [System.String[]] + $EsnCustomSubject, + + [Parameter()] + [System.String] + $QuarantinePolicyType + ) Write-Verbose -Message "Getting configuration of QuarantinePolicy for $($Identity)" @@ -96,7 +121,7 @@ function Get-TargetResource try { - if ($Identity -eq 'DefaultGlobalPolicy') + if ($QuarantinePolicyType -eq 'GlobalQuarantineTag') { $QuarantinePolicy = Get-QuarantinePolicy -QuarantinePolicyType GlobalQuarantinePolicy -ErrorAction Stop } @@ -112,104 +137,130 @@ function Get-TargetResource } else { - $EndUserQuarantinePermissionsValueDecimal = 0 - if ($QuarantinePolicy.EndUserQuarantinePermissions) + if ($QuarantinePolicy.QuarantinePolicyType -eq 'GlobalQuarantineTag') { - # Convert string output of EndUserQuarantinePermissions to binary value and then to decimal value - # needed for EndUserQuarantinePermissionsValue attribute of New-/Set-QuarantinePolicy cmdlet. - # This parameter uses a decimal value that's converted from a binary value. - # The binary value corresponds to the list of available permissions in a specific order. - # For each permission, the value 1 equals True and the value 0 equals False. - - $EndUserQuarantinePermissionsBinary = '' - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToViewHeader: True')) - { - $PermissionToViewHeader = '1' - } - else - { - $PermissionToViewHeader = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDownload: True')) - { - $PermissionToDownload = '1' - } - else - { - $PermissionToDownload = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToAllowSender: True')) - { - $PermissionToAllowSender = '1' - } - else - { - $PermissionToAllowSender = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToBlockSender: True')) - { - $PermissionToBlockSender = '1' - } - else - { - $PermissionToBlockSender = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRequestRelease: True')) - { - $PermissionToRequestRelease = '1' - } - else - { - $PermissionToRequestRelease = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRelease: True')) - { - $PermissionToRelease = '1' - } - else - { - $PermissionToRelease = '0' - } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToPreview: True')) - { - $PermissionToPreview = '1' - } - else - { - $PermissionToPreview = '0' + $result = @{ + CustomDisclaimer = $QuarantinePolicy.CustomDisclaimer + EndUserSpamNotificationFrequency = $QuarantinePolicy.EndUserSpamNotificationFrequency + EndUserSpamNotificationFrequencyInDays = $QuarantinePolicy.EndUserSpamNotificationFrequencyInDays + EndUserSpamNotificationCustomFromAddress = $QuarantinePolicy.EndUserSpamNotificationCustomFromAddress + MultiLanguageCustomDisclaimer = $QuarantinePolicy.MultiLanguageCustomDisclaimer + EsnCustomSubject = $QuarantinePolicy.EsnCustomSubject + MultiLanguageSenderName = $QuarantinePolicy.MultiLanguageSenderName + MultiLanguageSetting = $QuarantinePolicy.MultiLanguageSetting + OrganizationBrandingEnabled = $QuarantinePolicy.OrganizationBrandingEnabled + QuarantinePolicyType = $QuarantinePolicy.QuarantinePolicyType + Identity = $Identity + Credential = $Credential + Ensure = 'Present' + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId } - if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDelete: True')) - { - $PermissionToDelete = '1' - } - else - { - $PermissionToDelete = '0' - } - # Concat values to binary value - $EndUserQuarantinePermissionsBinary = [System.String]::Concat($PermissionToViewHeader, $PermissionToDownload, $PermissionToAllowSender, $PermissionToBlockSender, $PermissionToRequestRelease, $PermissionToRelease, $PermissionToPreview, $PermissionToDelete) - - # Convert to Decimal value - [int]$EndUserQuarantinePermissionsValueDecimal = [System.Convert]::ToByte($EndUserQuarantinePermissionsBinary, 2) } - $result = @{ - Identity = $Identity - EndUserQuarantinePermissionsValue = $EndUserQuarantinePermissionsValueDecimal - ESNEnabled = $QuarantinePolicy.ESNEnabled - MultiLanguageCustomDisclaimer = $QuarantinePolicy.MultiLanguageCustomDisclaimer - MultiLanguageSenderName = $QuarantinePolicy.MultiLanguageSenderName - MultiLanguageSetting = $QuarantinePolicy.MultiLanguageSetting - OrganizationBrandingEnabled = $QuarantinePolicy.OrganizationBrandingEnabled - Credential = $Credential - Ensure = 'Present' - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId + else + { + $EndUserQuarantinePermissionsValueDecimal = 0 + if ($QuarantinePolicy.EndUserQuarantinePermissions) + { + # Convert string output of EndUserQuarantinePermissions to binary value and then to decimal value + # needed for EndUserQuarantinePermissionsValue attribute of New-/Set-QuarantinePolicy cmdlet. + # This parameter uses a decimal value that's converted from a binary value. + # The binary value corresponds to the list of available permissions in a specific order. + # For each permission, the value 1 equals True and the value 0 equals False. + + $EndUserQuarantinePermissionsBinary = '' + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToViewHeader: True')) + { + $PermissionToViewHeader = '1' + } + else + { + $PermissionToViewHeader = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDownload: True')) + { + $PermissionToDownload = '1' + } + else + { + $PermissionToDownload = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToAllowSender: True')) + { + $PermissionToAllowSender = '1' + } + else + { + $PermissionToAllowSender = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToBlockSender: True')) + { + $PermissionToBlockSender = '1' + } + else + { + $PermissionToBlockSender = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRequestRelease: True')) + { + $PermissionToRequestRelease = '1' + } + else + { + $PermissionToRequestRelease = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRelease: True')) + { + $PermissionToRelease = '1' + } + else + { + $PermissionToRelease = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToPreview: True')) + { + $PermissionToPreview = '1' + } + else + { + $PermissionToPreview = '0' + } + if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDelete: True')) + { + $PermissionToDelete = '1' + } + else + { + $PermissionToDelete = '0' + } + # Concat values to binary value + $EndUserQuarantinePermissionsBinary = [System.String]::Concat($PermissionToViewHeader, $PermissionToDownload, $PermissionToAllowSender, $PermissionToBlockSender, $PermissionToRequestRelease, $PermissionToRelease, $PermissionToPreview, $PermissionToDelete) + + # Convert to Decimal value + [int]$EndUserQuarantinePermissionsValueDecimal = [System.Convert]::ToByte($EndUserQuarantinePermissionsBinary, 2) + } + $result = @{ + Identity = $Identity + EndUserQuarantinePermissionsValue = $EndUserQuarantinePermissionsValueDecimal + ESNEnabled = $QuarantinePolicy.ESNEnabled + MultiLanguageCustomDisclaimer = $QuarantinePolicy.MultiLanguageCustomDisclaimer + MultiLanguageSenderName = $QuarantinePolicy.MultiLanguageSenderName + MultiLanguageSetting = $QuarantinePolicy.MultiLanguageSetting + OrganizationBrandingEnabled = $QuarantinePolicy.OrganizationBrandingEnabled + Credential = $Credential + Ensure = 'Present' + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + } } - Write-Verbose -Message "Found QuarantinePolicy $($Identity)" Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" return $result @@ -291,7 +342,31 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String] + $CustomDisclaimer, + + [Parameter()] + [System.String] + $EndUserSpamNotificationFrequency, + + [Parameter()] + [System.Int32] + $EndUserSpamNotificationFrequencyInDays, + + [Parameter()] + [System.String] + $EndUserSpamNotificationCustomFromAddress, + + [Parameter()] + [System.String[]] + $EsnCustomSubject, + + [Parameter()] + [System.String] + $QuarantinePolicyType ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -305,11 +380,10 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion Write-Verbose -Message "Setting configuration of QuarantinePolicy for $($Identity)" - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters - if ($Identity -eq 'DefaultGlobalPolicy') + if ($QuarantinePolicyType -eq 'GlobalQuarantineTag') { $QuarantinePolicy = Get-QuarantinePolicy -QuarantinePolicyType GlobalQuarantinePolicy } @@ -327,6 +401,7 @@ function Set-TargetResource $QuarantinePolicyParams.Remove('CertificatePath') | Out-Null $QuarantinePolicyParams.Remove('CertificatePassword') | Out-Null $QuarantinePolicyParams.Remove('ManagedIdentity') | Out-Null + $QuarantinePolicyParams.Remove('QuarantinePolicyType') | Out-Null if (('Present' -eq $Ensure ) -and ($null -eq $QuarantinePolicy)) { @@ -412,7 +487,31 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String] + $CustomDisclaimer, + + [Parameter()] + [System.String] + $EndUserSpamNotificationFrequency, + + [Parameter()] + [System.Int32] + $EndUserSpamNotificationFrequencyInDays, + + [Parameter()] + [System.String] + $EndUserSpamNotificationCustomFromAddress, + + [Parameter()] + [System.String[]] + $EsnCustomSubject, + + [Parameter()] + [System.String] + $QuarantinePolicyType ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -529,6 +628,7 @@ function Export-TargetResource CertificatePassword = $CertificatePassword Managedidentity = $ManagedIdentity.IsPresent CertificatePath = $CertificatePath + QuarantinePolicyType = $QuarantinePolicy.QuarantinePolicyType } $Results = Get-TargetResource @Params @@ -574,4 +674,3 @@ function Export-TargetResource } } Export-ModuleMember -Function *-TargetResource - diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.schema.mof index 081edab3da..7e12f02696 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.schema.mof @@ -17,4 +17,10 @@ class MSFT_EXOQuarantinePolicy : OMI_BaseResource [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("The EndUserSpamNotificationFrequency parameter species how often quarantine notifications are sent to users. Valid values are: 04:00:00 (4 hours),1.00:00:00 (1 day),7.00:00:00 (7 days)")] String EndUserSpamNotificationFrequency; + [Write, Description("The QuarantinePolicyType parameter filters the results by the specified quarantine policy type. Valid values are: QuarantinePolicy, GlobalQuarantinePolicy")] String QuarantinePolicyType; + [Write, Description("This parameter is reserved for internal Microsoft use.")] String EndUserSpamNotificationFrequencyInDays; + [Write, Description("This parameter is reserved for internal Microsoft use.")] String CustomDisclaimer; + [Write, Description("The EndUserSpamNotificationCustomFromAddress specifies the email address of an existing internal sender to use as the sender for quarantine notifications. To set this parameter back to the default email address quarantine@messaging.microsoft.com, use the value $null.")] String EndUserSpamNotificationCustomFromAddress; + [Write, Description("The EsnCustomSubject parameter specifies the text to use in the Subject field of quarantine notifications.This setting is available only in the built-in quarantine policy named DefaultGlobalTag that controls global quarantine policy settings.")] String EsnCustomSubject[]; };