Merge pull request #3603 from microsoft/Dev

Release 1.23.823.1
microsoft · Aug 23, 2023 · 0b5ccd5 · 0b5ccd5
2 parents 224f48f + 3e739eb
commit 0b5ccd5
Show file tree

Hide file tree

Showing 13 changed files with 316 additions and 191 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,23 @@
 # Change log for Microsoft365DSC
 
+# 1.23.823.1
+
+* AADAuthorizationPolicy
+  * Fix issue with property PermissionGrantPolicyIdsAssignedToDefaultUserRole
+    FIXES [#3594](https://github.com/microsoft/Microsoft365DSC/issues/3594)
+* AADGroupsSettings
+  * Add support for enabling sensitivity labels in M365-groups
+* EXOSafeAttachmentPolicy
+  * Deprecated ActionOnError Parameter
+    FIXES [#3579](https://github.com/microsoft/Microsoft365DSC/issues/3579)
+* O365OrgSettings
+  * Updated logic of the Get to return null if permissions are not granted for
+    a given API.
+  * Updated the list of required permissions.
+* DEPENDENCIES
+  * Updated Microsoft.Graph dependencies to version 2.3.0
+  * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.174.
+
 # 1.23.809.1
 
 * AADAuthorizationPolicy

diff --git a/...Microsoft365DSC/DSCResources/MSFT_AADAuthorizationPolicy/MSFT_AADAuthorizationPolicy.psm1 b/...Microsoft365DSC/DSCResources/MSFT_AADAuthorizationPolicy/MSFT_AADAuthorizationPolicy.psm1
@@ -164,7 +164,7 @@ function Get-TargetResource
             DefaultUserRoleAllowedToReadOtherUsers                  = $Policy.DefaultUserRolePermissions.AllowedToReadOtherUsers
             DefaultUserRoleAllowedToReadBitlockerKeysForOwnedDevice = $Policy.DefaultUserRolePermissions.AllowedToReadBitlockerKeysForOwnedDevice
             DefaultUserRoleAllowedToCreateTenants                   = $Policy.DefaultUserRolePermissions.AllowedToCreateTenants
-            PermissionGrantPolicyIdsAssignedToDefaultUserRole       = $Policy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
+            PermissionGrantPolicyIdsAssignedToDefaultUserRole       = $Policy.PermissionGrantPolicyIdsAssignedToDefaultUserRole
             GuestUserRole                                           = Get-GuestUserRoleNameFromId -GuestUserRoleId $Policy.GuestUserRoleId
             Ensure                                                  = 'Present'
             Credential                                              = $Credential
@@ -325,12 +325,8 @@ function Set-TargetResource
             {
                 if ($param -like 'Permission*')
                 {
-                    #beta profile
-                    #$UpdateParameters.Add($param, $currentParameters.$param)
-                    #Write-Verbose -Message "Added '$param' to UpdateParameters"
-                    #v1.0 profile
-                    $defaultUserRolePermissions.Add('PermissionGrantPoliciesAssigned', $currentParameters.$param)
-                    Write-Verbose -Message "Added 'PermissionGrantPoliciesAssigned' ($param) to defaultUserRolePermissions"
+                    $UpdateParameters.Add($param, $currentParameters.$param)
+                    Write-Verbose -Message "Added '$param' to UpdateParameters"
                 }
                 else
                 {

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1
@@ -13,6 +13,10 @@ function Get-TargetResource
         [System.Boolean]
         $EnableGroupCreation,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableMIPLabels,
+
         [Parameter()]
         [System.Boolean]
         $AllowGuestsToBeGroupOwner,
@@ -95,7 +99,7 @@ function Get-TargetResource
         }
         else
         {
-            Write-Verbose -Message 'Found existing AzureAD Groups Settings'
+            Write-Verbose -Message 'Found existing AzureAD DirectorySetting for Group.Unified'
             $AllowedGroupName = $null
             $GroupCreationValue = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'GroupCreationAllowedGroupId' }
             if (-not [System.String]::IsNullOrEmpty($GroupCreationValue.Value))
@@ -109,6 +113,7 @@ function Get-TargetResource
             }
 
             $valueEnableGroupCreation = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableGroupCreation' }
+            $valueEnableMIPLabels = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableMIPLabels' }
             $valueAllowGuestsToBeGroupOwner = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'AllowGuestsToBeGroupOwner' }
             $valueAllowGuestsToAccessGroups = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'AllowGuestsToAccessGroups' }
             $valueGuestUsageGuidelinesUrl = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'GuestUsageGuidelinesUrl' }
@@ -118,6 +123,7 @@ function Get-TargetResource
             $result = @{
                 IsSingleInstance          = 'Yes'
                 EnableGroupCreation       = [Boolean]::Parse($valueEnableGroupCreation.Value)
+                EnableMIPLabels           = [Boolean]::Parse($valueEnableMIPLabels.Value)
                 AllowGuestsToBeGroupOwner = [Boolean]::Parse($valueAllowGuestsToBeGroupOwner.Value)
                 AllowGuestsToAccessGroups = [Boolean]::Parse($valueAllowGuestsToAccessGroups.Value)
                 GuestUsageGuidelinesUrl   = $valueGuestUsageGuidelinesUrl.Value
@@ -167,6 +173,10 @@ function Set-TargetResource
         [System.Boolean]
         $EnableGroupCreation,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableMIPLabels,
+
         [Parameter()]
         [System.Boolean]
         $AllowGuestsToBeGroupOwner,
@@ -267,6 +277,11 @@ function Set-TargetResource
                 $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableGroupCreation' }
                 $entry.Value = [System.Boolean]$EnableGroupCreation
             }
+            elseif ($property.Name -eq 'EnableMIPLabels')
+            {
+                $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'EnableMIPLabels' }
+                $entry.Value = [System.Boolean]$EnableMIPLabels
+            }
             elseif ($property.Name -eq 'AllowGuestsToBeGroupOwner')
             {
                 $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'AllowGuestsToBeGroupOwner' }
@@ -325,6 +340,10 @@ function Test-TargetResource
         [System.Boolean]
         $EnableGroupCreation,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableMIPLabels,
+
         [Parameter()]
         [System.Boolean]
         $AllowGuestsToBeGroupOwner,

diff --git a/...les/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.schema.mof b/...les/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.schema.mof
@@ -3,6 +3,7 @@ class MSFT_AADGroupsSettings : OMI_BaseResource
 {
     [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance;
     [Write, Description("The flag indicating whether Office 365 group creation is allowed in the directory by non-admin users. This setting does not require an Azure Active Directory Premium P1 license.")] Boolean EnableGroupCreation;
+    [Write, Description("Boolean indicating whether or not sensitivity labels can be assigned to M365-groups.")] Boolean EnableMIPLabels;
     [Write, Description("Boolean indicating whether or not a guest user can be an owner of groups.")] Boolean AllowGuestsToBeGroupOwner;
     [Write, Description("Boolean indicating whether or not a guest user can have access to Office 365 groups content. This setting does not require an Azure Active Directory Premium P1 license.")] Boolean AllowGuestsToAccessGroups;
     [Write, Description("The url of a link to the guest usage guidelines.")] String GuestUsageGuidelinesUrl;

diff --git a/...crosoft365DSC/DSCResources/MSFT_EXOSafeAttachmentPolicy/MSFT_EXOSafeAttachmentPolicy.psm1 b/...crosoft365DSC/DSCResources/MSFT_EXOSafeAttachmentPolicy/MSFT_EXOSafeAttachmentPolicy.psm1
@@ -254,27 +254,23 @@ function Set-TargetResource
         $StopProcessingPolicy = $false
         if ($Redirect -eq $true)
         {
+            if ($ActionOnError -eq $true){
+                Write-Verbose -Message "The ActionOnError parameter is deprecated"
+                $SafeAttachmentPolicyParams.Remove('ActionOnError') | Out-Null
+            }
             $Message = 'Cannot proceed with processing of SafeAttachmentPolicy because Redirect is set to true '
-            if ($ActionOnError -eq $false)
+            if ([String]::IsNullOrEmpty($RedirectAddress))
             {
-                $Message += 'and ActionOnError is false'
+                $Message += 'and RedirectAddress is null'
                 $StopProcessingPolicy = $true
             }
-            else
-            {
-                if ([String]::IsNullOrEmpty($RedirectAddress))
-                {
-                    $Message += 'and RedirectAddress is null'
-                    $StopProcessingPolicy = $true
-                }
-            }
             if ($StopProcessingPolicy -eq $true)
             {
                 Write-Verbose -Message $Message
                 try
                 {
-                    $Message = 'Please ensure that if Redirect is set to true then  ' + `
-                        'ActionOnError is also set to true and RedirectAddress is not null'
+                    $Message = 'Please ensure that if Redirect is set to true ' + `
+                        'and RedirectAddress is not null'
                     New-M365DSCLogEntry -Message $Message `
                         -Source $($MyInvocation.MyCommand.Source) `
                         -TenantId $TenantId `