-
Notifications
You must be signed in to change notification settings - Fork 503
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5358 from kasaxena5/M365DataAtRestEncryptionPolic…
…yAssignment M365 data at rest encryption policy assignment
- Loading branch information
Showing
16 changed files
with
542 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
4 changes: 2 additions & 2 deletions
4
...M365DataAtRestEncryptionPolicy.schema.mof → ..._EXODataAtRestEncryptionPolicy.schema.mof
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
..._M365DataAtRestEncryptionPolicy/readme.md → ...T_EXODataAtRestEncryptionPolicy/readme.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
# EXOM365DataAtRestEncryptionPolicy | ||
# EXODataAtRestEncryptionPolicy | ||
|
||
## Description | ||
|
||
|
2 changes: 1 addition & 1 deletion
2
...5DataAtRestEncryptionPolicy/settings.json → ...ODataAtRestEncryptionPolicy/settings.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
316 changes: 316 additions & 0 deletions
316
...EXODataAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.psm1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,316 @@ | ||
function Get-TargetResource | ||
{ | ||
[CmdletBinding()] | ||
[OutputType([System.Collections.Hashtable])] | ||
param | ||
( | ||
[Parameter()] | ||
[System.String] | ||
$DataEncryptionPolicy, | ||
|
||
[Parameter(Mandatory = $true)] | ||
[System.String] | ||
$IsSingleInstance, | ||
|
||
[Parameter()] | ||
[System.Management.Automation.PSCredential] | ||
$Credential, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$ApplicationId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$TenantId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$CertificateThumbprint, | ||
|
||
[Parameter()] | ||
[Switch] | ||
$ManagedIdentity, | ||
|
||
[Parameter()] | ||
[System.String[]] | ||
$AccessTokens | ||
) | ||
|
||
New-M365DSCConnection -Workload 'ExchangeOnline' ` | ||
-InboundParameters $PSBoundParameters | Out-Null | ||
|
||
Confirm-M365DSCDependencies | ||
|
||
$ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
$CommandName = $MyInvocation.MyCommand | ||
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
-CommandName $CommandName ` | ||
-Parameters $PSBoundParameters | ||
Add-M365DSCTelemetryEvent -Data $data | ||
|
||
$nullResult = $PSBoundParameters | ||
try | ||
{ | ||
$instance = Get-M365DataAtRestEncryptionPolicyAssignment -ErrorAction Stop | ||
if ($null -eq $instance) | ||
{ | ||
throw 'Could not retrieve the M365DataAtRestEncryption Policy Assignment.' | ||
} | ||
|
||
$results = @{ | ||
DataEncryptionPolicy = [System.String]$instance.Name | ||
IsSingleInstance = 'Yes' | ||
Credential = $Credential | ||
ApplicationId = $ApplicationId | ||
TenantId = $TenantId | ||
CertificateThumbprint = $CertificateThumbprint | ||
ManagedIdentity = $ManagedIdentity.IsPresent | ||
AccessTokens = $AccessTokens | ||
} | ||
return [System.Collections.Hashtable] $results | ||
} | ||
catch | ||
{ | ||
New-M365DSCLogEntry -Message 'Error retrieving data:' ` | ||
-Exception $_ ` | ||
-Source $($MyInvocation.MyCommand.Source) ` | ||
-TenantId $TenantId ` | ||
-Credential $Credential | ||
|
||
return $nullResult | ||
} | ||
} | ||
|
||
function Set-TargetResource | ||
{ | ||
[CmdletBinding()] | ||
param | ||
( | ||
[Parameter()] | ||
[System.String] | ||
$DataEncryptionPolicy, | ||
|
||
[Parameter(Mandatory = $true)] | ||
[System.String] | ||
$IsSingleInstance, | ||
|
||
[Parameter()] | ||
[System.Management.Automation.PSCredential] | ||
$Credential, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$ApplicationId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$TenantId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$CertificateThumbprint, | ||
|
||
[Parameter()] | ||
[Switch] | ||
$ManagedIdentity, | ||
|
||
[Parameter()] | ||
[System.String[]] | ||
$AccessTokens | ||
) | ||
|
||
#Ensure the proper dependencies are installed in the current environment. | ||
Confirm-M365DSCDependencies | ||
|
||
#region Telemetry | ||
$ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
$CommandName = $MyInvocation.MyCommand | ||
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
-CommandName $CommandName ` | ||
-Parameters $PSBoundParameters | ||
Add-M365DSCTelemetryEvent -Data $data | ||
#endregion | ||
|
||
$currentInstance = Get-TargetResource @PSBoundParameters | ||
|
||
$setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters | ||
$setParameters.Remove('IsSingleInstance') | Out-Null | ||
Set-M365DataAtRestEncryptionPolicyAssignment @SetParameters | ||
} | ||
|
||
function Test-TargetResource | ||
{ | ||
[CmdletBinding()] | ||
[OutputType([System.Boolean])] | ||
param | ||
( | ||
[Parameter()] | ||
[System.String] | ||
$DataEncryptionPolicy, | ||
|
||
[Parameter(Mandatory = $true)] | ||
[System.String] | ||
$IsSingleInstance, | ||
|
||
[Parameter()] | ||
[System.Management.Automation.PSCredential] | ||
$Credential, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$ApplicationId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$TenantId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$CertificateThumbprint, | ||
|
||
[Parameter()] | ||
[Switch] | ||
$ManagedIdentity, | ||
|
||
[Parameter()] | ||
[System.String[]] | ||
$AccessTokens | ||
) | ||
|
||
#Ensure the proper dependencies are installed in the current environment. | ||
Confirm-M365DSCDependencies | ||
|
||
#region Telemetry | ||
$ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
$CommandName = $MyInvocation.MyCommand | ||
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
-CommandName $CommandName ` | ||
-Parameters $PSBoundParameters | ||
Add-M365DSCTelemetryEvent -Data $data | ||
#endregion | ||
|
||
$CurrentValues = Get-TargetResource @PSBoundParameters | ||
$ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() | ||
|
||
Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" | ||
Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" | ||
|
||
$testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` | ||
-Source $($MyInvocation.MyCommand.Source) ` | ||
-DesiredValues $PSBoundParameters ` | ||
-ValuesToCheck $ValuesToCheck.Keys | ||
|
||
Write-Verbose -Message "Test-TargetResource returned $testResult" | ||
|
||
return $testResult | ||
} | ||
|
||
function Export-TargetResource | ||
{ | ||
[CmdletBinding()] | ||
[OutputType([System.String])] | ||
param | ||
( | ||
[Parameter()] | ||
[System.Management.Automation.PSCredential] | ||
$Credential, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$ApplicationId, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$TenantId, | ||
|
||
[Parameter()] | ||
[System.Management.Automation.PSCredential] | ||
$ApplicationSecret, | ||
|
||
[Parameter()] | ||
[System.String] | ||
$CertificateThumbprint, | ||
|
||
[Parameter()] | ||
[Switch] | ||
$ManagedIdentity, | ||
|
||
[Parameter()] | ||
[System.String[]] | ||
$AccessTokens | ||
) | ||
|
||
$ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` | ||
-InboundParameters $PSBoundParameters | ||
|
||
Confirm-M365DSCDependencies | ||
|
||
#region Telemetry | ||
$ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
$CommandName = $MyInvocation.MyCommand | ||
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
-CommandName $CommandName ` | ||
-Parameters $PSBoundParameters | ||
Add-M365DSCTelemetryEvent -Data $data | ||
#endregion | ||
|
||
try | ||
{ | ||
$Script:ExportMode = $true | ||
[array] $Script:exportedInstances = Get-M365DataAtRestEncryptionPolicyAssignment -ErrorAction Stop | ||
|
||
$i = 1 | ||
$dscContent = '' | ||
if ($Script:exportedInstances.Length -eq 0) | ||
{ | ||
Write-Host $Global:M365DSCEmojiGreenCheckMark | ||
} | ||
else | ||
{ | ||
Write-Host "`r`n" -NoNewline | ||
} | ||
foreach ($config in $Script:exportedInstances) | ||
{ | ||
$displayedKey = 'Data Encryption Policy Assignment' | ||
Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline | ||
$params = @{ | ||
IsSingleInstance = 'Yes' | ||
Credential = $Credential | ||
ApplicationId = $ApplicationId | ||
TenantId = $TenantId | ||
CertificateThumbprint = $CertificateThumbprint | ||
ManagedIdentity = $ManagedIdentity.IsPresent | ||
AccessTokens = $AccessTokens | ||
} | ||
|
||
$Results = Get-TargetResource @Params | ||
$Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` | ||
-Results $Results | ||
|
||
$currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` | ||
-ConnectionMode $ConnectionMode ` | ||
-ModulePath $PSScriptRoot ` | ||
-Results $Results ` | ||
-Credential $Credential | ||
$dscContent += $currentDSCBlock | ||
Save-M365DSCPartialExport -Content $currentDSCBlock ` | ||
-FileName $Global:PartialExportFileName | ||
$i++ | ||
Write-Host $Global:M365DSCEmojiGreenCheckMark | ||
} | ||
return $dscContent | ||
} | ||
catch | ||
{ | ||
Write-Host $Global:M365DSCEmojiRedX | ||
|
||
New-M365DSCLogEntry -Message 'Error during Export:' ` | ||
-Exception $_ ` | ||
-Source $($MyInvocation.MyCommand.Source) ` | ||
-TenantId $TenantId ` | ||
-Credential $Credential | ||
|
||
return '' | ||
} | ||
} |
12 changes: 12 additions & 0 deletions
12
...aAtRestEncryptionPolicyAssignment/MSFT_EXODataAtRestEncryptionPolicyAssignment.schema.mof
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
[ClassVersion("1.0.0.0"), FriendlyName("EXODataAtRestEncryptionPolicyAssignment")] | ||
class MSFT_EXODataAtRestEncryptionPolicyAssignment : OMI_BaseResource | ||
{ | ||
[Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; | ||
[Write, Description("The DataEncryptionPolicy parameter specifies the Microsoft 365 data-at-rest encryption policy.")] String DataEncryptionPolicy; | ||
[Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; | ||
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; | ||
[Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; | ||
[Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; | ||
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; | ||
[Write, Description("Access token used for authentication.")] String AccessTokens[]; | ||
}; |
5 changes: 5 additions & 0 deletions
5
...osoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/readme.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# EXODataAtRestEncryptionPolicyAssignment | ||
|
||
## Description | ||
|
||
Use the Set-M365DataAtRestEncryptionPolicyAssignment cmdlet to assign a Microsoft 365 data-at-rest encryption policy at the tenant level. |
30 changes: 30 additions & 0 deletions
30
...s/Microsoft365DSC/DSCResources/MSFT_EXODataAtRestEncryptionPolicyAssignment/settings.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
{ | ||
"resourceName": "EXODataAtRestEncryptionPolicyAssignment", | ||
"description": "Use the Set-M365DataAtRestEncryptionPolicyAssignment cmdlet to assign a Microsoft 365 data-at-rest encryption policy at the tenant level.", | ||
"roles": { | ||
"read": [ | ||
"Global Reader" | ||
], | ||
"update": [ | ||
"Exchange Administrator" | ||
] | ||
}, | ||
"permissions": { | ||
"graph": { | ||
"delegated": { | ||
"read": [], | ||
"update": [] | ||
}, | ||
"application": { | ||
"read": [], | ||
"update": [] | ||
} | ||
}, | ||
"exchange": { | ||
"requiredroles": [ | ||
"Compliance Admin" | ||
], | ||
"requiredrolegroups": "Organization Management" | ||
} | ||
} | ||
} |
Oops, something went wrong.