-
Notifications
You must be signed in to change notification settings - Fork 502
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5291 from NikCharlebois/AADNetworkAccessSettingCr…
…ossTenantAccess AADNetworkAccessSettingCrossTenantAccess - Initial Release
- Loading branch information
Showing
9 changed files
with
596 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
307 changes: 307 additions & 0 deletions
307
...DNetworkAccessSettingCrossTenantAccess/MSFT_AADNetworkAccessSettingCrossTenantAccess.psm1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,307 @@ | ||
function Get-TargetResource | ||
{ | ||
[CmdletBinding()] | ||
[OutputType([System.Collections.Hashtable])] | ||
param | ||
( | ||
[Parameter(Mandatory = $true)] | ||
[System.String] | ||
$IsSingleInstance, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$NetworkPacketTaggingStatus, | ||
|
||
[Parameter()] | ||
[System.Management.Automation.PSCredential] | ||
$Credential, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$ApplicationId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$TenantId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$CertificateThumbprint, | ||
|
||
[Parameter()] | ||
[Switch] | ||
$ManagedIdentity, | ||
|
||
[Parameter()] | ||
[System.String[]] | ||
$AccessTokens | ||
) | ||
|
||
New-M365DSCConnection -Workload 'MicrosoftGraph' ` | ||
-InboundParameters $PSBoundParameters | Out-Null | ||
|
||
#Ensure the proper dependencies are installed in the current environment. | ||
Confirm-M365DSCDependencies | ||
|
||
#region Telemetry | ||
$ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
$CommandName = $MyInvocation.MyCommand | ||
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
-CommandName $CommandName ` | ||
-Parameters $PSBoundParameters | ||
Add-M365DSCTelemetryEvent -Data $data | ||
#endregion | ||
|
||
$nullResult = $PSBoundParameters | ||
try | ||
{ | ||
$instance = Get-MgBetaNetworkAccessSettingCrossTenantAccess | ||
$results = @{ | ||
IsSingleInstance = 'Yes' | ||
NetworkPacketTaggingStatus = $instance.NetworkPacketTaggingStatus | ||
Credential = $Credential | ||
ApplicationId = $ApplicationId | ||
TenantId = $TenantId | ||
CertificateThumbprint = $CertificateThumbprint | ||
ManagedIdentity = $ManagedIdentity.IsPresent | ||
AccessTokens = $AccessTokens | ||
} | ||
return [System.Collections.Hashtable] $results | ||
} | ||
catch | ||
{ | ||
Write-Verbose -Message $_ | ||
New-M365DSCLogEntry -Message 'Error retrieving data:' ` | ||
-Exception $_ ` | ||
-Source $($MyInvocation.MyCommand.Source) ` | ||
-TenantId $TenantId ` | ||
-Credential $Credential | ||
|
||
return $nullResult | ||
} | ||
} | ||
|
||
function Set-TargetResource | ||
{ | ||
[CmdletBinding()] | ||
param | ||
( | ||
[Parameter(Mandatory = $true)] | ||
[System.String] | ||
$IsSingleInstance, | ||
|
||
[Parameter(Mandatory = $true)] | ||
[System.String] | ||
$NetworkPacketTaggingStatus, | ||
|
||
[Parameter()] | ||
[System.Management.Automation.PSCredential] | ||
$Credential, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$ApplicationId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$TenantId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$CertificateThumbprint, | ||
|
||
[Parameter()] | ||
[Switch] | ||
$ManagedIdentity, | ||
|
||
[Parameter()] | ||
[System.String[]] | ||
$AccessTokens | ||
) | ||
|
||
$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` | ||
-InboundParameters $PSBoundParameters | ||
|
||
#Ensure the proper dependencies are installed in the current environment. | ||
Confirm-M365DSCDependencies | ||
|
||
#region Telemetry | ||
$ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
$CommandName = $MyInvocation.MyCommand | ||
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
-CommandName $CommandName ` | ||
-Parameters $PSBoundParameters | ||
Add-M365DSCTelemetryEvent -Data $data | ||
#endregion | ||
|
||
Write-Verbose -Message "Updating the Cross Tenant Access Settings" | ||
Update-MgBetaNetworkAccessSettingCrossTenantAccess -NetworkPacketTaggingStatus $NetworkPacketTaggingStatus | ||
} | ||
|
||
function Test-TargetResource | ||
{ | ||
[CmdletBinding()] | ||
[OutputType([System.Boolean])] | ||
param | ||
( | ||
[Parameter(Mandatory = $true)] | ||
[System.String] | ||
$IsSingleInstance, | ||
|
||
[Parameter(Mandatory = $true)] | ||
[System.String] | ||
$NetworkPacketTaggingStatus, | ||
|
||
[Parameter()] | ||
[System.Management.Automation.PSCredential] | ||
$Credential, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$ApplicationId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$TenantId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$CertificateThumbprint, | ||
|
||
[Parameter()] | ||
[Switch] | ||
$ManagedIdentity, | ||
|
||
[Parameter()] | ||
[System.String[]] | ||
$AccessTokens | ||
) | ||
|
||
#Ensure the proper dependencies are installed in the current environment. | ||
Confirm-M365DSCDependencies | ||
|
||
#region Telemetry | ||
$ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
$CommandName = $MyInvocation.MyCommand | ||
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
-CommandName $CommandName ` | ||
-Parameters $PSBoundParameters | ||
Add-M365DSCTelemetryEvent -Data $data | ||
#endregion | ||
|
||
$CurrentValues = Get-TargetResource @PSBoundParameters | ||
$ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() | ||
|
||
Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" | ||
Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" | ||
|
||
$testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` | ||
-Source $($MyInvocation.MyCommand.Source) ` | ||
-DesiredValues $PSBoundParameters ` | ||
-ValuesToCheck $ValuesToCheck.Keys | ||
|
||
Write-Verbose -Message "Test-TargetResource returned $testResult" | ||
|
||
return $testResult | ||
} | ||
|
||
function Export-TargetResource | ||
{ | ||
[CmdletBinding()] | ||
[OutputType([System.String])] | ||
param | ||
( | ||
[Parameter()] | ||
[System.Management.Automation.PSCredential] | ||
$Credential, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$ApplicationId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$TenantId, | ||
|
||
[Parameter()] | ||
[System.Management.Automation.PSCredential] | ||
$ApplicationSecret, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$CertificateThumbprint, | ||
|
||
[Parameter()] | ||
[Switch] | ||
$ManagedIdentity, | ||
|
||
[Parameter()] | ||
[System.String[]] | ||
$AccessTokens | ||
) | ||
|
||
$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` | ||
-InboundParameters $PSBoundParameters | ||
|
||
#Ensure the proper dependencies are installed in the current environment. | ||
Confirm-M365DSCDependencies | ||
|
||
#region Telemetry | ||
$ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
$CommandName = $MyInvocation.MyCommand | ||
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
-CommandName $CommandName ` | ||
-Parameters $PSBoundParameters | ||
Add-M365DSCTelemetryEvent -Data $data | ||
#endregion | ||
|
||
try | ||
{ | ||
$Script:ExportMode = $true | ||
|
||
if ($null -ne $Global:M365DSCExportResourceInstancesCount) | ||
{ | ||
$Global:M365DSCExportResourceInstancesCount++ | ||
} | ||
|
||
$params = @{ | ||
IsSingleInstance = 'Yes' | ||
Credential = $Credential | ||
ApplicationId = $ApplicationId | ||
TenantId = $TenantId | ||
CertificateThumbprint = $CertificateThumbprint | ||
ManagedIdentity = $ManagedIdentity.IsPresent | ||
AccessTokens = $AccessTokens | ||
} | ||
|
||
$Results = Get-TargetResource @Params | ||
$Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` | ||
-Results $Results | ||
|
||
$currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` | ||
-ConnectionMode $ConnectionMode ` | ||
-ModulePath $PSScriptRoot ` | ||
-Results $Results ` | ||
-Credential $Credential | ||
$dscContent += $currentDSCBlock | ||
Save-M365DSCPartialExport -Content $currentDSCBlock ` | ||
-FileName $Global:PartialExportFileName | ||
$i++ | ||
Write-Host $Global:M365DSCEmojiGreenCheckMark | ||
return $dscContent | ||
} | ||
catch | ||
{ | ||
Write-Host $Global:M365DSCEmojiRedX | ||
|
||
New-M365DSCLogEntry -Message 'Error during Export:' ` | ||
-Exception $_ ` | ||
-Source $($MyInvocation.MyCommand.Source) ` | ||
-TenantId $TenantId ` | ||
-Credential $Credential | ||
|
||
return '' | ||
} | ||
} | ||
|
||
Export-ModuleMember -Function *-TargetResource |
13 changes: 13 additions & 0 deletions
13
...rkAccessSettingCrossTenantAccess/MSFT_AADNetworkAccessSettingCrossTenantAccess.schema.mof
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
[ClassVersion("1.0.0.0"), FriendlyName("AADNetworkAccessSettingCrossTenantAccess")] | ||
class MSFT_AADNetworkAccessSettingCrossTenantAccess : OMI_BaseResource | ||
{ | ||
[Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; | ||
[Write, Description("Enable Tenant Restrictions for Entra ID (covering all cloud apps). Accepted values are enabled or disabled.")] String NetworkPacketTaggingStatus; | ||
[Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent","Present"}, Values{"Absent","Present"}] string Ensure; | ||
[Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; | ||
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; | ||
[Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; | ||
[Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; | ||
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; | ||
[Write, Description("Access token used for authentication.")] String AccessTokens[]; | ||
}; |
6 changes: 6 additions & 0 deletions
6
...soft365DSC/DSCResources/MSFT_AADNetworkAccessSettingCrossTenantAccess/readme.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
|
||
# AADNetworkAccessSettingCrossTenantAccess | ||
|
||
## Description | ||
|
||
Configures the universal tenant restrictions in Entra Id |
28 changes: 28 additions & 0 deletions
28
.../Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessSettingCrossTenantAccess/settings.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
{ | ||
"resourceName": "AADNetworkAccessSettingCrossTenantAccess", | ||
"description": "Configures the universal tenant restrictions in Entra Id.", | ||
"roles": { | ||
"read": [], | ||
"update": [] | ||
}, | ||
"permissions": { | ||
"graph": { | ||
"delegated": { | ||
"read": [], | ||
"update": [] | ||
}, | ||
"application": { | ||
"read": [ | ||
{ | ||
"name": "NetworkAccess.Read.All" | ||
} | ||
], | ||
"update": [ | ||
{ | ||
"name": "NetworkAccess.ReadWrite.All" | ||
} | ||
] | ||
} | ||
} | ||
} | ||
} |
Oops, something went wrong.