Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implemented full support for GlobalQuarantinePolicy #3312

Merged
merged 6 commits into from
May 17, 2023
Merged

Implemented full support for GlobalQuarantinePolicy #3312

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
769914e
Added export/import support for GlobalQuarantinePolicy
MaxKy9 May 16, 2023
6edcdee
Updated wording
MaxKy9 May 16, 2023
2df2945
Moved to unreleased section
MaxKy9 May 16, 2023
1d3aa0f
aligned '='
MaxKy9 May 16, 2023
05ad844
Added missing parameters to the schema
MaxKy9 May 16, 2023
96642ee
Removed redundant if/else
MaxKy9 May 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@
FIXES [#3226](https://github.com/microsoft/Microsoft365DSC/issues/3226)
* TeamsAppSetupPolicy
* Initial release.
* EXOQuarantinePolicy
* Support exporting and importing global quarantine policy
FIXES [#3285](https://github.com/microsoft/Microsoft365DSC/issues/3285)
* DEPENDENCIES
* Updated MicrosoftTeams to version 5.2.0
* MISC
Expand All @@ -38,9 +41,7 @@
* AADCrossTenantAccessPolicyConfigurationPartner
* Initial release
FIXES [#3253](https://github.com/microsoft/Microsoft365DSC/issues/3253)
* EXOQuarantinePolicy
* Support exporting global quarantine policy
FIXES [#3285](https://github.com/microsoft/Microsoft365DSC/issues/3285)

* IntuneSettingCatalogCustomPolicyWindows10
* Initial release
FIXES [#2692](https://github.com/microsoft/Microsoft365DSC/issues/2692),
Expand Down
301 changes: 200 additions & 101 deletions Modules/Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.psm1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,32 @@ function Get-TargetResource

[Parameter()]
[Switch]
$ManagedIdentity
$ManagedIdentity,

[Parameter()]
[System.String]
$CustomDisclaimer,

[Parameter()]
[System.String]
$EndUserSpamNotificationFrequency,

[Parameter()]
[System.Int32]
$EndUserSpamNotificationFrequencyInDays,

[Parameter()]
[System.String]
$EndUserSpamNotificationCustomFromAddress,

[Parameter()]
[System.String[]]
$EsnCustomSubject,

[Parameter()]
[System.String]
$QuarantinePolicyType

)

Write-Verbose -Message "Getting configuration of QuarantinePolicy for $($Identity)"
Expand Down Expand Up @@ -96,7 +121,7 @@ function Get-TargetResource

try
{
if ($Identity -eq 'DefaultGlobalPolicy')
if ($QuarantinePolicyType -eq 'GlobalQuarantineTag')
{
$QuarantinePolicy = Get-QuarantinePolicy -QuarantinePolicyType GlobalQuarantinePolicy -ErrorAction Stop
}
Expand All @@ -112,104 +137,130 @@ function Get-TargetResource
}
else
{
$EndUserQuarantinePermissionsValueDecimal = 0
if ($QuarantinePolicy.EndUserQuarantinePermissions)
if ($QuarantinePolicy.QuarantinePolicyType -eq 'GlobalQuarantineTag')
{
# Convert string output of EndUserQuarantinePermissions to binary value and then to decimal value
# needed for EndUserQuarantinePermissionsValue attribute of New-/Set-QuarantinePolicy cmdlet.
# This parameter uses a decimal value that's converted from a binary value.
# The binary value corresponds to the list of available permissions in a specific order.
# For each permission, the value 1 equals True and the value 0 equals False.

$EndUserQuarantinePermissionsBinary = ''
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToViewHeader: True'))
{
$PermissionToViewHeader = '1'
}
else
{
$PermissionToViewHeader = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDownload: True'))
{
$PermissionToDownload = '1'
}
else
{
$PermissionToDownload = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToAllowSender: True'))
{
$PermissionToAllowSender = '1'
}
else
{
$PermissionToAllowSender = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToBlockSender: True'))
{
$PermissionToBlockSender = '1'
}
else
{
$PermissionToBlockSender = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRequestRelease: True'))
{
$PermissionToRequestRelease = '1'
}
else
{
$PermissionToRequestRelease = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRelease: True'))
{
$PermissionToRelease = '1'
}
else
{
$PermissionToRelease = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToPreview: True'))
{
$PermissionToPreview = '1'
}
else
{
$PermissionToPreview = '0'
$result = @{
CustomDisclaimer = $QuarantinePolicy.CustomDisclaimer
EndUserSpamNotificationFrequency = $QuarantinePolicy.EndUserSpamNotificationFrequency
EndUserSpamNotificationFrequencyInDays = $QuarantinePolicy.EndUserSpamNotificationFrequencyInDays
EndUserSpamNotificationCustomFromAddress = $QuarantinePolicy.EndUserSpamNotificationCustomFromAddress
MultiLanguageCustomDisclaimer = $QuarantinePolicy.MultiLanguageCustomDisclaimer
EsnCustomSubject = $QuarantinePolicy.EsnCustomSubject
MultiLanguageSenderName = $QuarantinePolicy.MultiLanguageSenderName
MultiLanguageSetting = $QuarantinePolicy.MultiLanguageSetting
OrganizationBrandingEnabled = $QuarantinePolicy.OrganizationBrandingEnabled
QuarantinePolicyType = $QuarantinePolicy.QuarantinePolicyType
MaxKy9 marked this conversation as resolved.
Show resolved Hide resolved
Identity = $Identity
Credential = $Credential
Ensure = 'Present'
ApplicationId = $ApplicationId
CertificateThumbprint = $CertificateThumbprint
CertificatePath = $CertificatePath
CertificatePassword = $CertificatePassword
Managedidentity = $ManagedIdentity.IsPresent
TenantId = $TenantId
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDelete: True'))
{
$PermissionToDelete = '1'
}
else
{
$PermissionToDelete = '0'
}
# Concat values to binary value
$EndUserQuarantinePermissionsBinary = [System.String]::Concat($PermissionToViewHeader, $PermissionToDownload, $PermissionToAllowSender, $PermissionToBlockSender, $PermissionToRequestRelease, $PermissionToRelease, $PermissionToPreview, $PermissionToDelete)

# Convert to Decimal value
[int]$EndUserQuarantinePermissionsValueDecimal = [System.Convert]::ToByte($EndUserQuarantinePermissionsBinary, 2)
}
$result = @{
Identity = $Identity
EndUserQuarantinePermissionsValue = $EndUserQuarantinePermissionsValueDecimal
ESNEnabled = $QuarantinePolicy.ESNEnabled
MultiLanguageCustomDisclaimer = $QuarantinePolicy.MultiLanguageCustomDisclaimer
MultiLanguageSenderName = $QuarantinePolicy.MultiLanguageSenderName
MultiLanguageSetting = $QuarantinePolicy.MultiLanguageSetting
OrganizationBrandingEnabled = $QuarantinePolicy.OrganizationBrandingEnabled
Credential = $Credential
Ensure = 'Present'
ApplicationId = $ApplicationId
CertificateThumbprint = $CertificateThumbprint
CertificatePath = $CertificatePath
CertificatePassword = $CertificatePassword
Managedidentity = $ManagedIdentity.IsPresent
TenantId = $TenantId
else
{
$EndUserQuarantinePermissionsValueDecimal = 0
if ($QuarantinePolicy.EndUserQuarantinePermissions)
{
# Convert string output of EndUserQuarantinePermissions to binary value and then to decimal value
# needed for EndUserQuarantinePermissionsValue attribute of New-/Set-QuarantinePolicy cmdlet.
# This parameter uses a decimal value that's converted from a binary value.
# The binary value corresponds to the list of available permissions in a specific order.
# For each permission, the value 1 equals True and the value 0 equals False.

$EndUserQuarantinePermissionsBinary = ''
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToViewHeader: True'))
{
$PermissionToViewHeader = '1'
}
else
{
$PermissionToViewHeader = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDownload: True'))
{
$PermissionToDownload = '1'
}
else
{
$PermissionToDownload = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToAllowSender: True'))
{
$PermissionToAllowSender = '1'
}
else
{
$PermissionToAllowSender = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToBlockSender: True'))
{
$PermissionToBlockSender = '1'
}
else
{
$PermissionToBlockSender = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRequestRelease: True'))
{
$PermissionToRequestRelease = '1'
}
else
{
$PermissionToRequestRelease = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToRelease: True'))
{
$PermissionToRelease = '1'
}
else
{
$PermissionToRelease = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToPreview: True'))
{
$PermissionToPreview = '1'
}
else
{
$PermissionToPreview = '0'
}
if ($QuarantinePolicy.EndUserQuarantinePermissions.Contains('PermissionToDelete: True'))
{
$PermissionToDelete = '1'
}
else
{
$PermissionToDelete = '0'
}
# Concat values to binary value
$EndUserQuarantinePermissionsBinary = [System.String]::Concat($PermissionToViewHeader, $PermissionToDownload, $PermissionToAllowSender, $PermissionToBlockSender, $PermissionToRequestRelease, $PermissionToRelease, $PermissionToPreview, $PermissionToDelete)

# Convert to Decimal value
[int]$EndUserQuarantinePermissionsValueDecimal = [System.Convert]::ToByte($EndUserQuarantinePermissionsBinary, 2)
}
$result = @{
Identity = $Identity
EndUserQuarantinePermissionsValue = $EndUserQuarantinePermissionsValueDecimal
ESNEnabled = $QuarantinePolicy.ESNEnabled
MultiLanguageCustomDisclaimer = $QuarantinePolicy.MultiLanguageCustomDisclaimer
MultiLanguageSenderName = $QuarantinePolicy.MultiLanguageSenderName
MultiLanguageSetting = $QuarantinePolicy.MultiLanguageSetting
OrganizationBrandingEnabled = $QuarantinePolicy.OrganizationBrandingEnabled
Credential = $Credential
Ensure = 'Present'
ApplicationId = $ApplicationId
CertificateThumbprint = $CertificateThumbprint
CertificatePath = $CertificatePath
CertificatePassword = $CertificatePassword
Managedidentity = $ManagedIdentity.IsPresent
TenantId = $TenantId
}
}

Write-Verbose -Message "Found QuarantinePolicy $($Identity)"
Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)"
return $result
Expand Down Expand Up @@ -291,7 +342,31 @@ function Set-TargetResource

[Parameter()]
[Switch]
$ManagedIdentity
$ManagedIdentity,

[Parameter()]
[System.String]
$CustomDisclaimer,

[Parameter()]
[System.String]
$EndUserSpamNotificationFrequency,

[Parameter()]
[System.Int32]
$EndUserSpamNotificationFrequencyInDays,

[Parameter()]
[System.String]
$EndUserSpamNotificationCustomFromAddress,

[Parameter()]
[System.String[]]
$EsnCustomSubject,

[Parameter()]
[System.String]
$QuarantinePolicyType
)
#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies
Expand All @@ -305,11 +380,10 @@ function Set-TargetResource
Add-M365DSCTelemetryEvent -Data $data
#endregion
Write-Verbose -Message "Setting configuration of QuarantinePolicy for $($Identity)"

$ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' `
-InboundParameters $PSBoundParameters

if ($Identity -eq 'DefaultGlobalPolicy')
if ($QuarantinePolicyType -eq 'GlobalQuarantineTag')
{
$QuarantinePolicy = Get-QuarantinePolicy -QuarantinePolicyType GlobalQuarantinePolicy
}
Expand All @@ -327,6 +401,7 @@ function Set-TargetResource
$QuarantinePolicyParams.Remove('CertificatePath') | Out-Null
$QuarantinePolicyParams.Remove('CertificatePassword') | Out-Null
$QuarantinePolicyParams.Remove('ManagedIdentity') | Out-Null
$QuarantinePolicyParams.Remove('QuarantinePolicyType') | Out-Null

if (('Present' -eq $Ensure ) -and ($null -eq $QuarantinePolicy))
{
Expand Down Expand Up @@ -412,7 +487,31 @@ function Test-TargetResource

[Parameter()]
[Switch]
$ManagedIdentity
$ManagedIdentity,

[Parameter()]
[System.String]
$CustomDisclaimer,

[Parameter()]
[System.String]
$EndUserSpamNotificationFrequency,

[Parameter()]
[System.Int32]
$EndUserSpamNotificationFrequencyInDays,

[Parameter()]
[System.String]
$EndUserSpamNotificationCustomFromAddress,

[Parameter()]
[System.String[]]
$EsnCustomSubject,

[Parameter()]
[System.String]
$QuarantinePolicyType
)
#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies
Expand Down Expand Up @@ -529,6 +628,7 @@ function Export-TargetResource
CertificatePassword = $CertificatePassword
Managedidentity = $ManagedIdentity.IsPresent
CertificatePath = $CertificatePath
QuarantinePolicyType = $QuarantinePolicy.QuarantinePolicyType
}

$Results = Get-TargetResource @Params
Expand Down Expand Up @@ -574,4 +674,3 @@ function Export-TargetResource
}
}
Export-ModuleMember -Function *-TargetResource

6 changes: 6 additions & 0 deletions ...Microsoft365DSC/DSCResources/MSFT_EXOQuarantinePolicy/MSFT_EXOQuarantinePolicy.schema.mof
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,10 @@ class MSFT_EXOQuarantinePolicy : OMI_BaseResource
[Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword;
[Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath;
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
[Write, Description("The EndUserSpamNotificationFrequency parameter species how often quarantine notifications are sent to users. Valid values are: 04:00:00 (4 hours),1.00:00:00 (1 day),7.00:00:00 (7 days)")] String EndUserSpamNotificationFrequency;
[Write, Description("The QuarantinePolicyType parameter filters the results by the specified quarantine policy type. Valid values are: QuarantinePolicy, GlobalQuarantinePolicy")] String QuarantinePolicyType;
[Write, Description("This parameter is reserved for internal Microsoft use.")] String EndUserSpamNotificationFrequencyInDays;
[Write, Description("This parameter is reserved for internal Microsoft use.")] String CustomDisclaimer;
[Write, Description("The EndUserSpamNotificationCustomFromAddress specifies the email address of an existing internal sender to use as the sender for quarantine notifications. To set this parameter back to the default email address quarantine@messaging.microsoft.com, use the value $null.")] String EndUserSpamNotificationCustomFromAddress;
[Write, Description("The EsnCustomSubject parameter specifies the text to use in the Subject field of quarantine notifications.This setting is available only in the built-in quarantine policy named DefaultGlobalTag that controls global quarantine policy settings.")] String EsnCustomSubject[];
};
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like we are missing a few parameters e.g., CustomDisclaimer. We need to make sure that all new parameters are defined in the schema.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added missed parameters.